{
  "type": "URL",
  "indicator": "https://gkblz.0ffice36o.com/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://gkblz.0ffice36o.com/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 1603662851,
      "indicator": "https://gkblz.0ffice36o.com/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "5bfd67175b01ce7358447f5c",
          "name": "DNSpionage Campaign Targets Middle East",
          "description": "Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. Based on our research, it is clear that this adversary spent time understanding the victims and network infrastructure in order to remain under the radar and act as inconspicuous as possible during their attacks.",
          "modified": "2019-04-05T12:00:19.434000",
          "created": "2018-11-27T15:47:35.491000",
          "tags": [
            "lebanon",
            "uae",
            "DNSpionage"
          ],
          "references": [
            "https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html",
            "https://blog-cert.opmd.fr/dnspionage-weird-apt32-stuff/",
            "https://www.lastline.com/labsblog/threat-actor-cold-river-network-traffic-analysis-and-a-deep-dive-on-agent-drable/",
            "https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/"
          ],
          "public": 1,
          "adversary": "DNSpionage",
          "targeted_countries": [
            "Lebanon",
            "United Arab Emirates"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Government",
            "Aerospace"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 58,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 39,
            "domain": 14,
            "FileHash-SHA256": 5,
            "URL": 48,
            "FileHash-SHA1": 4
          },
          "indicator_count": 110,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386569,
          "modified_text": "2612 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://blog-cert.opmd.fr/dnspionage-weird-apt32-stuff/",
        "https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html",
        "https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/",
        "https://www.lastline.com/labsblog/threat-actor-cold-river-network-traffic-analysis-and-a-deep-dive-on-agent-drable/"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "DNSpionage"
          ],
          "malware_families": [],
          "industries": [
            "Aerospace",
            "Government"
          ],
          "unique_indicators": 110
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/0ffice36o.com",
    "whois": "http://whois.domaintools.com/0ffice36o.com",
    "domain": "0ffice36o.com",
    "hostname": "gkblz.0ffice36o.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "5bfd67175b01ce7358447f5c",
      "name": "DNSpionage Campaign Targets Middle East",
      "description": "Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. Based on our research, it is clear that this adversary spent time understanding the victims and network infrastructure in order to remain under the radar and act as inconspicuous as possible during their attacks.",
      "modified": "2019-04-05T12:00:19.434000",
      "created": "2018-11-27T15:47:35.491000",
      "tags": [
        "lebanon",
        "uae",
        "DNSpionage"
      ],
      "references": [
        "https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html",
        "https://blog-cert.opmd.fr/dnspionage-weird-apt32-stuff/",
        "https://www.lastline.com/labsblog/threat-actor-cold-river-network-traffic-analysis-and-a-deep-dive-on-agent-drable/",
        "https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/"
      ],
      "public": 1,
      "adversary": "DNSpionage",
      "targeted_countries": [
        "Lebanon",
        "United Arab Emirates"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Government",
        "Aerospace"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 58,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 39,
        "domain": 14,
        "FileHash-SHA256": 5,
        "URL": 48,
        "FileHash-SHA1": 4
      },
      "indicator_count": 110,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386569,
      "modified_text": "2612 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://gkblz.0ffice36o.com/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://gkblz.0ffice36o.com/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780213197.0543919
}