{ "type": "URL", "indicator": "https://hdhuge.com/files/remove.gif", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://hdhuge.com/files/remove.gif", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3007914387, "indicator": "https://hdhuge.com/files/remove.gif", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6160035131bd6e01129e1990", "name": "FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets", "description": "FIN12 is unique among many tracked ransomware-focused actors today because they do not typically engage in multi-faceted extortion and have disproportionately impacted the healthcare sector. They are also the first FIN actor that we are promoting who specializes in a specific phase of the attack lifecycle\u2014ransomware deployment\u2014while relying on other threat actors for gaining initial access to victims. This specialization reflects the current ransomware ecosystem, which is comprised of various loosely affiliated actors partnering together, but not exclusively with one another.", "modified": "2021-11-07T00:03:12.766000", "created": "2021-10-08T08:37:36.697000", "tags": [ "fin12", "cobalt strike", "ryuk", "grimagent", "ransomware" ], "references": [ "https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets" ], "public": 1, "adversary": "FIN12", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland", "United Arab Emirates", "Spain", "Korea, Republic of", "Philippines", "Ireland", "Indonesia", "France", "Colombia", "Australia", "United States of America" ], "malware_families": [ { "id": "Cobalt Strike - S0154", "display_name": "Cobalt Strike - S0154", "target": null }, { "id": "Ryuk - S0446", "display_name": "Ryuk - S0446", "target": null }, { "id": "Bazar - S0534", "display_name": "Bazar - S0534", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null } ], "attack_ids": [ { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1471", "name": "Data Encrypted for Impact", "display_name": "T1471 - Data Encrypted for Impact" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" } ], "industries": [ "Technology", "Retail", "Manufacturing", "Finance", "Education", "Government", "Medical", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 340, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 6, "FileHash-MD5": 7, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 4 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 386633, "modified_text": "1667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707c3737e2ab3d6e93bfdd", "name": "FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets", "description": "", "modified": "2023-12-06T13:50:47.029000", "created": "2023-12-06T13:50:47.029000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 4, "URL": 6, "FileHash-MD5": 7, "FileHash-SHA1": 3, "FileHash-SHA256": 3 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets" ], "related": { "alienvault": { "adversary": [ "FIN12" ], "malware_families": [ "Bazar - s0534", "Ryuk - s0446", "Trickbot - s0266", "Cobalt strike - s0154" ], "industries": [ "Medical", "Education", "Manufacturing", "Technology", "Healthcare", "Government", "Retail", "Finance" ], "unique_indicators": 28 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 23 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/hdhuge.com", "whois": "http://whois.domaintools.com/hdhuge.com", "domain": "hdhuge.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6160035131bd6e01129e1990", "name": "FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets", "description": "FIN12 is unique among many tracked ransomware-focused actors today because they do not typically engage in multi-faceted extortion and have disproportionately impacted the healthcare sector. They are also the first FIN actor that we are promoting who specializes in a specific phase of the attack lifecycle\u2014ransomware deployment\u2014while relying on other threat actors for gaining initial access to victims. This specialization reflects the current ransomware ecosystem, which is comprised of various loosely affiliated actors partnering together, but not exclusively with one another.", "modified": "2021-11-07T00:03:12.766000", "created": "2021-10-08T08:37:36.697000", "tags": [ "fin12", "cobalt strike", "ryuk", "grimagent", "ransomware" ], "references": [ "https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets" ], "public": 1, "adversary": "FIN12", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland", "United Arab Emirates", "Spain", "Korea, Republic of", "Philippines", "Ireland", "Indonesia", "France", "Colombia", "Australia", "United States of America" ], "malware_families": [ { "id": "Cobalt Strike - S0154", "display_name": "Cobalt Strike - S0154", "target": null }, { "id": "Ryuk - S0446", "display_name": "Ryuk - S0446", "target": null }, { "id": "Bazar - S0534", "display_name": "Bazar - S0534", "target": null }, { "id": "TrickBot - S0266", "display_name": "TrickBot - S0266", "target": null } ], "attack_ids": [ { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1471", "name": "Data Encrypted for Impact", "display_name": "T1471 - Data Encrypted for Impact" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" } ], "industries": [ "Technology", "Retail", "Manufacturing", "Finance", "Education", "Government", "Medical", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 340, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 6, "FileHash-MD5": 7, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 4 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 386633, "modified_text": "1667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707c3737e2ab3d6e93bfdd", "name": "FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets", "description": "", "modified": "2023-12-06T13:50:47.029000", "created": "2023-12-06T13:50:47.029000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 4, "URL": 6, "FileHash-MD5": 7, "FileHash-SHA1": 3, "FileHash-SHA256": 3 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://hdhuge.com/files/remove.gif", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://hdhuge.com/files/remove.gif", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780292181.3190517 }