{ "type": "URL", "indicator": "https://gaymers.ax/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://gaymers.ax/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3380472759, "indicator": "https://gaymers.ax/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "62441170b32af17b3993ab1c", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks", "description": "An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to analysts from Symantec, who first spotted the malware in January 2022 and are investigating its capabilities.", "modified": "2022-03-30T08:14:40.429000", "created": "2022-03-30T08:14:40.429000", "tags": [ "verblecon" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 287, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 3, "hostname": 1, "URL": 7, "FileHash-SHA256": 5, "FileHash-MD5": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 386608, "modified_text": "1523 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707ea462c914d74c28cfec", "name": "CSP via GiveSendGo.com", "description": "", "modified": "2023-12-06T14:01:08.533000", "created": "2023-12-06T14:01:08.533000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 210, "domain": 643, "hostname": 572, "URL": 2392 }, "indicator_count": 3817, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "643793c5c8d2d1f3e07fec90", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks", "description": "", "modified": "2023-04-13T05:31:49.876000", "created": "2023-04-13T05:31:49.876000", "tags": [ "verblecon" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" } ], "industries": [], "TLP": "white", "cloned_from": "6433a0c6ddc00e606525afd3", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "hostname": 1, "URL": 7, "FileHash-SHA256": 5, "FileHash-MD5": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1144 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6433a0c6ddc00e606525afd3", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks", "description": "", "modified": "2023-04-10T05:38:14.854000", "created": "2023-04-10T05:38:14.854000", "tags": [ "verblecon" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" } ], "industries": [], "TLP": "white", "cloned_from": "62441170b32af17b3993ab1c", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "hostname": 1, "URL": 7, "FileHash-SHA256": 5, "FileHash-MD5": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1147 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642ee9049e0f39ede5fafa88", "name": "Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks", "description": "The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022.\n\nSymantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is \"going to great lengths to maintain a persistent presence on targeted networks.\"\n\nAlso known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014.\n\nMantis has used an arsenal of homemade malware tools such as ViperRat, FrozenCell (aka VolatileVenom), and Micropsia to execute and conceal its campaigns across Windows, Android, and iOS platforms.", "modified": "2023-04-06T15:45:08.340000", "created": "2023-04-06T15:45:08.340000", "tags": [ "verblecon", "windows", "infectionid", "discord", "storageleveldb", "symantec", "min read", "new loader", "attacks", "home threat", "next", "date", "main", "tools", "pass", "team", "mantis", "close" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord", "https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 310, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "FileHash-MD5": 5, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 5, "hostname": 2 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 434, "modified_text": "1151 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642c048b6a8f60d20b7fe8b8", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks | Symantec Enterprise Blogs", "description": "An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to security analysts from Symantec and the UK-based firm, which specialises in security software.", "modified": "2023-04-04T11:05:47.859000", "created": "2023-04-04T11:05:47.859000", "tags": [ "verblecon", "windows", "infectionid", "discord", "storageleveldb", "symantec", "min read", "new loader", "attacks", "home threat", "next", "date", "main", "tools", "pass", "team", "close" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "FileHash-MD5": 5, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 5, "hostname": 2 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1153 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62b99fd5c0360106dad37a26", "name": "Verblecon\u2019, a new malware loader, infects compromised computers with cryptocurrency miners", "description": "", "modified": "2022-06-27T12:17:25.579000", "created": "2022-06-27T12:17:25.579000", "tags": [], "references": [ "March 29th, 2022 - CryptoGen Cyber Threat Intelligence - \u2018Verblecon\u2019, a new malware loader, infects compromised computers with cryptocurrency miners.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 5, "domain": 3, "hostname": 1 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "1434 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "624309520418ee6d2b22b960", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks | Symantec Blogs", "description": "An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to analysts from Symantec, who first spotted the malware in January 2022 and are investigating its capabilities.", "modified": "2022-03-29T13:27:46.654000", "created": "2022-03-29T13:27:46.654000", "tags": [ "verblecon", "windows", "infectionid", "symantec", "next", "programfiles", "vbox", "dganame", "discord", "january", "tools" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "manuelzepeda", "id": "102853", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "FileHash-MD5": 1, "domain": 2 }, "indicator_count": 4, "is_author": false, "is_subscribing": null, "subscriber_count": 60, "modified_text": "1524 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621142ca7782b3916aec8562", "name": "CSP via GiveSendGo.com", "description": "", "modified": "2022-03-21T00:02:26.523000", "created": "2022-02-19T19:19:38.454000", "tags": [ "ssl certificate", "whois record", "whois" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 572, "URL": 2392, "domain": 643, "FileHash-SHA256": 210 }, "indicator_count": 3817, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1533 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "March 29th, 2022 - CryptoGen Cyber Threat Intelligence - \u2018Verblecon\u2019, a new malware loader, infects compromised computers with cryptocurrency miners.pdf", "https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html", "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Verblecon" ], "industries": [], "unique_indicators": 17 }, "other": { "adversary": [], "malware_families": [ "Verblecon" ], "industries": [], "unique_indicators": 3910 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/gaymers.ax", "whois": "http://whois.domaintools.com/gaymers.ax", "domain": "gaymers.ax", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "62441170b32af17b3993ab1c", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks", "description": "An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to analysts from Symantec, who first spotted the malware in January 2022 and are investigating its capabilities.", "modified": "2022-03-30T08:14:40.429000", "created": "2022-03-30T08:14:40.429000", "tags": [ "verblecon" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 287, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 3, "hostname": 1, "URL": 7, "FileHash-SHA256": 5, "FileHash-MD5": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 386608, "modified_text": "1523 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707ea462c914d74c28cfec", "name": "CSP via GiveSendGo.com", "description": "", "modified": "2023-12-06T14:01:08.533000", "created": "2023-12-06T14:01:08.533000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 210, "domain": 643, "hostname": 572, "URL": 2392 }, "indicator_count": 3817, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "643793c5c8d2d1f3e07fec90", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks", "description": "", "modified": "2023-04-13T05:31:49.876000", "created": "2023-04-13T05:31:49.876000", "tags": [ "verblecon" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" } ], "industries": [], "TLP": "white", "cloned_from": "6433a0c6ddc00e606525afd3", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "hostname": 1, "URL": 7, "FileHash-SHA256": 5, "FileHash-MD5": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1144 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6433a0c6ddc00e606525afd3", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks", "description": "", "modified": "2023-04-10T05:38:14.854000", "created": "2023-04-10T05:38:14.854000", "tags": [ "verblecon" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" } ], "industries": [], "TLP": "white", "cloned_from": "62441170b32af17b3993ab1c", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "hostname": 1, "URL": 7, "FileHash-SHA256": 5, "FileHash-MD5": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1147 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642ee9049e0f39ede5fafa88", "name": "Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks", "description": "The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022.\n\nSymantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is \"going to great lengths to maintain a persistent presence on targeted networks.\"\n\nAlso known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014.\n\nMantis has used an arsenal of homemade malware tools such as ViperRat, FrozenCell (aka VolatileVenom), and Micropsia to execute and conceal its campaigns across Windows, Android, and iOS platforms.", "modified": "2023-04-06T15:45:08.340000", "created": "2023-04-06T15:45:08.340000", "tags": [ "verblecon", "windows", "infectionid", "discord", "storageleveldb", "symantec", "min read", "new loader", "attacks", "home threat", "next", "date", "main", "tools", "pass", "team", "mantis", "close" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord", "https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 310, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "FileHash-MD5": 5, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 5, "hostname": 2 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 434, "modified_text": "1151 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642c048b6a8f60d20b7fe8b8", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks | Symantec Enterprise Blogs", "description": "An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to security analysts from Symantec and the UK-based firm, which specialises in security software.", "modified": "2023-04-04T11:05:47.859000", "created": "2023-04-04T11:05:47.859000", "tags": [ "verblecon", "windows", "infectionid", "discord", "storageleveldb", "symantec", "min read", "new loader", "attacks", "home threat", "next", "date", "main", "tools", "pass", "team", "close" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "FileHash-MD5": 5, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 5, "hostname": 2 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1153 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62b99fd5c0360106dad37a26", "name": "Verblecon\u2019, a new malware loader, infects compromised computers with cryptocurrency miners", "description": "", "modified": "2022-06-27T12:17:25.579000", "created": "2022-06-27T12:17:25.579000", "tags": [], "references": [ "March 29th, 2022 - CryptoGen Cyber Threat Intelligence - \u2018Verblecon\u2019, a new malware loader, infects compromised computers with cryptocurrency miners.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 5, "domain": 3, "hostname": 1 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "1434 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "624309520418ee6d2b22b960", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks | Symantec Blogs", "description": "An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to analysts from Symantec, who first spotted the malware in January 2022 and are investigating its capabilities.", "modified": "2022-03-29T13:27:46.654000", "created": "2022-03-29T13:27:46.654000", "tags": [ "verblecon", "windows", "infectionid", "symantec", "next", "programfiles", "vbox", "dganame", "discord", "january", "tools" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "manuelzepeda", "id": "102853", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "FileHash-MD5": 1, "domain": 2 }, "indicator_count": 4, "is_author": false, "is_subscribing": null, "subscriber_count": 60, "modified_text": "1524 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621142ca7782b3916aec8562", "name": "CSP via GiveSendGo.com", "description": "", "modified": "2022-03-21T00:02:26.523000", "created": "2022-02-19T19:19:38.454000", "tags": [ "ssl certificate", "whois record", "whois" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 572, "URL": 2392, "domain": 643, "FileHash-SHA256": 210 }, "indicator_count": 3817, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1533 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://gaymers.ax/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://gaymers.ax/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780281079.904427 }