{ "type": "URL", "indicator": "https://googleapi-cdn.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://googleapi-cdn.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 1583684104, "indicator": "https://googleapi-cdn.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5b69d37292f5ac2b98346cf3", "name": "FIN7 Recent Bateleur Malware Campaigns", "description": "While much reporting indicates that APT cyberattacks are espionage\nmotivated, financially motivated cyber criminals have also been stepping\nup their game since as early as 2013. Using TTPs akin to their espionage\ncounterparts, groups such as Cobalt Group and FIN7 have been targeting\nlarge financial institutions and restaurant chains with much success. The\nCobalt Group alone is said to be responsible for causing 1 billion euros\nworth (US$1.17 billion) of damage to the financial sector.", "modified": "2018-11-22T08:52:20.561000", "created": "2018-08-07T17:14:26.937000", "tags": [ "fin7", "Bateleur" ], "references": [ "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", "https://blog.morphisec.com/fin7-not-finished-morphisec-spots-new-campaign" ], "public": 1, "adversary": "FIN7", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "email": 1, "domain": 5, "URL": 4, "hostname": 1, "FileHash-SHA256": 2 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 386858, "modified_text": "2748 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", "https://blog.morphisec.com/fin7-not-finished-morphisec-spots-new-campaign" ], "related": { "alienvault": { "adversary": [ "FIN7" ], "malware_families": [], "industries": [ "Finance" ], "unique_indicators": 23 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/googleapi-cdn.com", "whois": "http://whois.domaintools.com/googleapi-cdn.com", "domain": "googleapi-cdn.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5b69d37292f5ac2b98346cf3", "name": "FIN7 Recent Bateleur Malware Campaigns", "description": "While much reporting indicates that APT cyberattacks are espionage\nmotivated, financially motivated cyber criminals have also been stepping\nup their game since as early as 2013. Using TTPs akin to their espionage\ncounterparts, groups such as Cobalt Group and FIN7 have been targeting\nlarge financial institutions and restaurant chains with much success. The\nCobalt Group alone is said to be responsible for causing 1 billion euros\nworth (US$1.17 billion) of damage to the financial sector.", "modified": "2018-11-22T08:52:20.561000", "created": "2018-08-07T17:14:26.937000", "tags": [ "fin7", "Bateleur" ], "references": [ "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf", "https://blog.morphisec.com/fin7-not-finished-morphisec-spots-new-campaign" ], "public": 1, "adversary": "FIN7", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 62, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "email": 1, "domain": 5, "URL": 4, "hostname": 1, "FileHash-SHA256": 2 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 386858, "modified_text": "2748 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://googleapi-cdn.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://googleapi-cdn.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780365978.8862135 }