{
  "type": "URL",
  "indicator": "https://game.heretohelp.net",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://game.heretohelp.net",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3634770095,
      "indicator": "https://game.heretohelp.net",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 7,
      "pulses": [
        {
          "id": "65a20ff8db3854e863dca324",
          "name": "Shared Modules | Hijacker | Masquerading",
          "description": "",
          "modified": "2024-02-12T04:01:56.040000",
          "created": "2024-01-13T04:22:16.961000",
          "tags": [
            "filehashmd5",
            "no expiration",
            "iocs",
            "next",
            "scan endpoints",
            "all octoseek",
            "create new",
            "pulse use",
            "pdf report",
            "pcap",
            "filehashsha1",
            "filehashsha256",
            "ipv4",
            "hostname",
            "expiration",
            "domain",
            "url https",
            "url http",
            "source",
            "stix",
            "email",
            "email abuse",
            "goreasonlimited",
            "cc no",
            "tompc",
            "sum35",
            "domain xn",
            "searchbox0",
            "domainname0",
            "view",
            "apple",
            "apple id",
            "hijacking",
            "masquerading",
            "exploit",
            "cams",
            "monitoring",
            "loki bot",
            "dns",
            "open ports",
            "malvertizing",
            "malware hosting",
            "apple script",
            "js user",
            "dga",
            "dga domains",
            "malware",
            "multiple_versions",
            "wagersta",
            "decode",
            "system information discovery",
            "decrypt",
            "evasion",
            "defense evasion",
            "emotet",
            "android",
            "ios",
            "wannacry",
            "trojan",
            "worm",
            "cyber threat",
            "benjamin",
            "whois record",
            "ssl certificate",
            "contacted",
            "historical ssl",
            "referrer",
            "contacted urls",
            "execution",
            "whois whois",
            "whois sslcert",
            "and china",
            "drop",
            "uchealth",
            "university of cincinnati health"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1122",
              "name": "Component Object Model Hijacking",
              "display_name": "T1122 - Component Object Model Hijacking"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "TA0005",
              "name": "Defense Evasion",
              "display_name": "TA0005 - Defense Evasion"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1444",
              "name": "Masquerade as Legitimate Application",
              "display_name": "T1444 - Masquerade as Legitimate Application"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1071.003",
              "name": "Mail Protocols",
              "display_name": "T1071.003 - Mail Protocols"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1546.015",
              "name": "Component Object Model Hijacking",
              "display_name": "T1546.015 - Component Object Model Hijacking"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 2701,
            "FileHash-SHA1": 2296,
            "FileHash-SHA256": 3362,
            "URL": 6191,
            "domain": 2033,
            "hostname": 3097,
            "email": 37,
            "CVE": 2
          },
          "indicator_count": 19719,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 220,
          "modified_text": "797 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "657099513dc9a827df6cd3c0",
          "name": "me.com",
          "description": "",
          "modified": "2023-12-06T15:54:56.053000",
          "created": "2023-12-06T15:54:56.053000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 566,
            "hostname": 219,
            "FileHash-SHA1": 30,
            "domain": 123,
            "URL": 508,
            "FileHash-MD5": 31
          },
          "indicator_count": 1477,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "865 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64d646c18a6a3ba229718df1",
          "name": "17.253.142.4 - Malicious Phishing IP + BotNet",
          "description": "Apple Phishing site \nComes in through itunes or Apple TV.\nCommand & Control\nAdds multiple eSIM users. iOS becomes a Zombie Brick. Apple will only say you are to blame.",
          "modified": "2023-09-10T00:02:53.567000",
          "created": "2023-08-11T14:33:37.142000",
          "tags": [
            "as714 apple",
            "united",
            "unknown",
            "status hostname",
            "query type",
            "address first",
            "seen last",
            "seen asn",
            "country unknown",
            "country"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 151,
            "domain": 43,
            "hostname": 64,
            "FileHash-MD5": 1,
            "FileHash-SHA256": 59
          },
          "indicator_count": 318,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 218,
          "modified_text": "952 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64d64caffcea67ddfaacc5ed",
          "name": "imac.co.nz Malicious",
          "description": "iPhone attack. Bad actors utilizing regulations and escalation privileges gain immediate access upon setup. Cell service  set up at a carrier but shows as another carrier. Many BBH pretending this is their experience. Actual target unable to access any Apple support by phone. Submit online. Apple ID disabled by either Apple or BotMaster, labeled malicious ID. Live representatives at Apple or Cell carrier difficult to the point of legal investigation. \nApple confiscated a single phone from target. No refund. Engineers needed phone to review and obviously cover up evidence. Target loss control of phone and was verbally commanded to enter ' confirm ' erasing access to issues.\n(I didn't write any of this: A full analysis of the latest cyber-attack on the Apple website, which targets people who have signed up to be targeted by hackers, has been published by the security firm OctoSeek.)",
          "modified": "2023-09-10T00:02:53.567000",
          "created": "2023-08-11T14:58:55.215000",
          "tags": [
            "months ago",
            "created",
            "white",
            "email",
            "ipv4",
            "author avatar",
            "modified",
            "domain",
            "scan endpoints",
            "all search",
            "zombie brick"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Zombie Brick",
              "display_name": "Zombie Brick",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 17,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 199,
            "domain": 69,
            "hostname": 42,
            "FileHash-SHA256": 41,
            "email": 1
          },
          "indicator_count": 352,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 218,
          "modified_text": "952 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64d64cb0a37dd23cd1ca2da1",
          "name": "imac.co.nz Malicious",
          "description": "iPhone attack. Bad actors utilizing regulations and escalation privileges gain immediate access upon setup. Cell service  set up at a carrier but shows as another carrier. Many BBH pretending this is their experience. Actual target unable to access any Apple support by phone. Submit online. Apple ID disabled by either Apple or BotMaster, labeled malicious ID. Live representatives at Apple or Cell carrier difficult to the point of legal investigation. \nApple confiscated a single phone from target. No refund. Engineers needed phone to review and obviously cover up evidence. Target loss control of phone and was verbally commanded to enter ' confirm ' erasing access to issues.\n(I didn't write any of this: A full analysis of the latest cyber-attack on the Apple website, which targets people who have signed up to be targeted by hackers, has been published by the security firm OctoSeek.)",
          "modified": "2023-09-10T00:02:53.567000",
          "created": "2023-08-11T14:58:56.508000",
          "tags": [
            "months ago",
            "created",
            "white",
            "email",
            "ipv4",
            "author avatar",
            "modified",
            "domain",
            "scan endpoints",
            "all search",
            "zombie brick"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Zombie Brick",
              "display_name": "Zombie Brick",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 17,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 80,
            "domain": 20,
            "hostname": 21,
            "FileHash-SHA256": 41
          },
          "indicator_count": 162,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 218,
          "modified_text": "952 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "643301d4b3a679c5d8321baa",
          "name": "me.com",
          "description": "holy granny crap",
          "modified": "2023-05-09T18:01:16.786000",
          "created": "2023-04-09T18:20:03.736000",
          "tags": [
            "apple",
            "calender exploits"
          ],
          "references": [
            "http://pv44p00ic-ztell07091901.me.com/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 508,
            "hostname": 219,
            "domain": 123,
            "FileHash-SHA256": 566,
            "FileHash-MD5": 31,
            "FileHash-SHA1": 30
          },
          "indicator_count": 1477,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 91,
          "modified_text": "1076 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "63f171a71657c53b68a4d151",
          "name": "http://www.itunes.codes",
          "description": "The Falcon Sandbox malware analysis service is available to download, use and view all the data on the Falcon website, including the full list of features.  \u00a31.5m.",
          "modified": "2023-03-21T00:02:57.765000",
          "created": "2023-02-19T00:47:35.996000",
          "tags": [
            "sandbox",
            "malware",
            "analysis",
            "online",
            "submit",
            "vxstream",
            "sample",
            "download",
            "trojan",
            "apt",
            "runtime data",
            "ansi",
            "localappdata",
            "unicode",
            "hash seen",
            "size",
            "runtime process",
            "sha256",
            "sha1",
            "temp",
            "entropy",
            "win64",
            "date",
            "accept",
            "hybrid",
            "close",
            "click",
            "hosts",
            "code",
            "ransomware",
            "february",
            "general",
            "strings",
            "format",
            "suspicious",
            "http://www.itunes.codes",
            "www.itunes.codes"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/2faedf856461cfde822d1df8ee565a98772475ddeac87e1ef117d06172a93b0c/63f0c9668d06c2130e052cc2"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 181,
            "hostname": 54,
            "domain": 62,
            "FileHash-SHA256": 58,
            "email": 4,
            "FileHash-MD5": 55,
            "FileHash-SHA1": 53
          },
          "indicator_count": 467,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 90,
          "modified_text": "1125 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "http://pv44p00ic-ztell07091901.me.com/",
        "https://hybrid-analysis.com/sample/2faedf856461cfde822d1df8ee565a98772475ddeac87e1ef117d06172a93b0c/63f0c9668d06c2130e052cc2"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Zombie brick"
          ],
          "industries": [],
          "unique_indicators": 21911
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/heretohelp.net",
    "whois": "http://whois.domaintools.com/heretohelp.net",
    "domain": "heretohelp.net",
    "hostname": "game.heretohelp.net"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 7,
  "pulses": [
    {
      "id": "65a20ff8db3854e863dca324",
      "name": "Shared Modules | Hijacker | Masquerading",
      "description": "",
      "modified": "2024-02-12T04:01:56.040000",
      "created": "2024-01-13T04:22:16.961000",
      "tags": [
        "filehashmd5",
        "no expiration",
        "iocs",
        "next",
        "scan endpoints",
        "all octoseek",
        "create new",
        "pulse use",
        "pdf report",
        "pcap",
        "filehashsha1",
        "filehashsha256",
        "ipv4",
        "hostname",
        "expiration",
        "domain",
        "url https",
        "url http",
        "source",
        "stix",
        "email",
        "email abuse",
        "goreasonlimited",
        "cc no",
        "tompc",
        "sum35",
        "domain xn",
        "searchbox0",
        "domainname0",
        "view",
        "apple",
        "apple id",
        "hijacking",
        "masquerading",
        "exploit",
        "cams",
        "monitoring",
        "loki bot",
        "dns",
        "open ports",
        "malvertizing",
        "malware hosting",
        "apple script",
        "js user",
        "dga",
        "dga domains",
        "malware",
        "multiple_versions",
        "wagersta",
        "decode",
        "system information discovery",
        "decrypt",
        "evasion",
        "defense evasion",
        "emotet",
        "android",
        "ios",
        "wannacry",
        "trojan",
        "worm",
        "cyber threat",
        "benjamin",
        "whois record",
        "ssl certificate",
        "contacted",
        "historical ssl",
        "referrer",
        "contacted urls",
        "execution",
        "whois whois",
        "whois sslcert",
        "and china",
        "drop",
        "uchealth",
        "university of cincinnati health"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1122",
          "name": "Component Object Model Hijacking",
          "display_name": "T1122 - Component Object Model Hijacking"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "TA0005",
          "name": "Defense Evasion",
          "display_name": "TA0005 - Defense Evasion"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1444",
          "name": "Masquerade as Legitimate Application",
          "display_name": "T1444 - Masquerade as Legitimate Application"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1071.003",
          "name": "Mail Protocols",
          "display_name": "T1071.003 - Mail Protocols"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1546.015",
          "name": "Component Object Model Hijacking",
          "display_name": "T1546.015 - Component Object Model Hijacking"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 13,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 2701,
        "FileHash-SHA1": 2296,
        "FileHash-SHA256": 3362,
        "URL": 6191,
        "domain": 2033,
        "hostname": 3097,
        "email": 37,
        "CVE": 2
      },
      "indicator_count": 19719,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 220,
      "modified_text": "797 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "657099513dc9a827df6cd3c0",
      "name": "me.com",
      "description": "",
      "modified": "2023-12-06T15:54:56.053000",
      "created": "2023-12-06T15:54:56.053000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 566,
        "hostname": 219,
        "FileHash-SHA1": 30,
        "domain": 123,
        "URL": 508,
        "FileHash-MD5": 31
      },
      "indicator_count": 1477,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "865 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64d646c18a6a3ba229718df1",
      "name": "17.253.142.4 - Malicious Phishing IP + BotNet",
      "description": "Apple Phishing site \nComes in through itunes or Apple TV.\nCommand & Control\nAdds multiple eSIM users. iOS becomes a Zombie Brick. Apple will only say you are to blame.",
      "modified": "2023-09-10T00:02:53.567000",
      "created": "2023-08-11T14:33:37.142000",
      "tags": [
        "as714 apple",
        "united",
        "unknown",
        "status hostname",
        "query type",
        "address first",
        "seen last",
        "seen asn",
        "country unknown",
        "country"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 16,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 151,
        "domain": 43,
        "hostname": 64,
        "FileHash-MD5": 1,
        "FileHash-SHA256": 59
      },
      "indicator_count": 318,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 218,
      "modified_text": "952 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64d64caffcea67ddfaacc5ed",
      "name": "imac.co.nz Malicious",
      "description": "iPhone attack. Bad actors utilizing regulations and escalation privileges gain immediate access upon setup. Cell service  set up at a carrier but shows as another carrier. Many BBH pretending this is their experience. Actual target unable to access any Apple support by phone. Submit online. Apple ID disabled by either Apple or BotMaster, labeled malicious ID. Live representatives at Apple or Cell carrier difficult to the point of legal investigation. \nApple confiscated a single phone from target. No refund. Engineers needed phone to review and obviously cover up evidence. Target loss control of phone and was verbally commanded to enter ' confirm ' erasing access to issues.\n(I didn't write any of this: A full analysis of the latest cyber-attack on the Apple website, which targets people who have signed up to be targeted by hackers, has been published by the security firm OctoSeek.)",
      "modified": "2023-09-10T00:02:53.567000",
      "created": "2023-08-11T14:58:55.215000",
      "tags": [
        "months ago",
        "created",
        "white",
        "email",
        "ipv4",
        "author avatar",
        "modified",
        "domain",
        "scan endpoints",
        "all search",
        "zombie brick"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Zombie Brick",
          "display_name": "Zombie Brick",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 17,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 199,
        "domain": 69,
        "hostname": 42,
        "FileHash-SHA256": 41,
        "email": 1
      },
      "indicator_count": 352,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 218,
      "modified_text": "952 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64d64cb0a37dd23cd1ca2da1",
      "name": "imac.co.nz Malicious",
      "description": "iPhone attack. Bad actors utilizing regulations and escalation privileges gain immediate access upon setup. Cell service  set up at a carrier but shows as another carrier. Many BBH pretending this is their experience. Actual target unable to access any Apple support by phone. Submit online. Apple ID disabled by either Apple or BotMaster, labeled malicious ID. Live representatives at Apple or Cell carrier difficult to the point of legal investigation. \nApple confiscated a single phone from target. No refund. Engineers needed phone to review and obviously cover up evidence. Target loss control of phone and was verbally commanded to enter ' confirm ' erasing access to issues.\n(I didn't write any of this: A full analysis of the latest cyber-attack on the Apple website, which targets people who have signed up to be targeted by hackers, has been published by the security firm OctoSeek.)",
      "modified": "2023-09-10T00:02:53.567000",
      "created": "2023-08-11T14:58:56.508000",
      "tags": [
        "months ago",
        "created",
        "white",
        "email",
        "ipv4",
        "author avatar",
        "modified",
        "domain",
        "scan endpoints",
        "all search",
        "zombie brick"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Zombie Brick",
          "display_name": "Zombie Brick",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 17,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 80,
        "domain": 20,
        "hostname": 21,
        "FileHash-SHA256": 41
      },
      "indicator_count": 162,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 218,
      "modified_text": "952 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "643301d4b3a679c5d8321baa",
      "name": "me.com",
      "description": "holy granny crap",
      "modified": "2023-05-09T18:01:16.786000",
      "created": "2023-04-09T18:20:03.736000",
      "tags": [
        "apple",
        "calender exploits"
      ],
      "references": [
        "http://pv44p00ic-ztell07091901.me.com/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 508,
        "hostname": 219,
        "domain": 123,
        "FileHash-SHA256": 566,
        "FileHash-MD5": 31,
        "FileHash-SHA1": 30
      },
      "indicator_count": 1477,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 91,
      "modified_text": "1076 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "63f171a71657c53b68a4d151",
      "name": "http://www.itunes.codes",
      "description": "The Falcon Sandbox malware analysis service is available to download, use and view all the data on the Falcon website, including the full list of features.  \u00a31.5m.",
      "modified": "2023-03-21T00:02:57.765000",
      "created": "2023-02-19T00:47:35.996000",
      "tags": [
        "sandbox",
        "malware",
        "analysis",
        "online",
        "submit",
        "vxstream",
        "sample",
        "download",
        "trojan",
        "apt",
        "runtime data",
        "ansi",
        "localappdata",
        "unicode",
        "hash seen",
        "size",
        "runtime process",
        "sha256",
        "sha1",
        "temp",
        "entropy",
        "win64",
        "date",
        "accept",
        "hybrid",
        "close",
        "click",
        "hosts",
        "code",
        "ransomware",
        "february",
        "general",
        "strings",
        "format",
        "suspicious",
        "http://www.itunes.codes",
        "www.itunes.codes"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/2faedf856461cfde822d1df8ee565a98772475ddeac87e1ef117d06172a93b0c/63f0c9668d06c2130e052cc2"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1218",
          "name": "Signed Binary Proxy Execution",
          "display_name": "T1218 - Signed Binary Proxy Execution"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 12,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 181,
        "hostname": 54,
        "domain": 62,
        "FileHash-SHA256": 58,
        "email": 4,
        "FileHash-MD5": 55,
        "FileHash-SHA1": 53
      },
      "indicator_count": 467,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 90,
      "modified_text": "1125 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://game.heretohelp.net",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://game.heretohelp.net",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776631134.8411105
}