{ "type": "URL", "indicator": "https://hybridpowerit.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://hybridpowerit.com/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3950649436, "indicator": "https://hybridpowerit.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "66d5de299d825d5ba3c4b82b", "name": "The Emerging Dynamics of Deepfake Scam Campaigns on the Web", "description": "Researchers have uncovered dozens of scam campaigns utilizing deepfake videos featuring public figures like CEOs, news anchors, and government officials. These campaigns target victims in multiple countries using various languages. The scams promote fake investment schemes and government giveaways. Hundreds of domains have been used, each accessed an average of 114,000 times globally. The campaigns likely originate from a single threat actor group using similar infrastructure and tactics. Despite the use of generative AI, traditional investigative techniques remain useful for identifying the hosting infrastructure. As malicious use of deepfakes increases, proactive detection and prevention efforts are crucial.", "modified": "2024-09-02T15:53:44.373000", "created": "2024-09-02T15:47:53.536000", "tags": [ "scams", "ai", "social engineering", "deepfakes", "investment fraud", "infrastructure analysis", "phishing", "impersonation" ], "references": [ "https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "Mexico", "France", "Italy", "Czechia", "Singapore", "Kazakhstan", "Uzbekistan" ], "malware_families": [], "attack_ids": [ { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Finance", "Government", "Energy" ], "TLP": "white", "cloned_from": null, "export_count": 86, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 11, "domain": 416, "hostname": 1 }, "indicator_count": 428, "is_author": false, "is_subscribing": null, "subscriber_count": 387004, "modified_text": "638 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d0a4489d413763be480fd2", "name": "The Emerging Dynamics of Deepfake Scam Campaigns on the Web", "description": "Researchers uncovered dozens of scam campaigns utilizing deepfake videos impersonating public figures to promote fake investment schemes and government-sponsored giveaways. These campaigns targeted victims across multiple countries, with websites averaging 114,000 visits each. Though using generative AI, traditional investigative techniques identified the shared hosting infrastructure, suggesting a single threat actor group behind many campaigns. As deepfake technology becomes more accessible, proactive defense against such scams is crucial.", "modified": "2024-08-29T17:23:07.830000", "created": "2024-08-29T16:39:36.526000", "tags": [ "impersonation", "fraud", "scams", "genai", "deepfakes" ], "references": [ "https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "Mexico", "France", "Italy", "Czechia", "Singapore", "Kazakhstan", "Uzbekistan" ], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 109, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 11, "hostname": 1 }, "indicator_count": 12, "is_author": false, "is_subscribing": null, "subscriber_count": 387006, "modified_text": "642 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d07ed6e35a0beeeb5a77bd", "name": "The Emerging Dynamics of Deepfake Scam Campaigns on the Web", "description": "A study by Palo Alto Networks reveals how deepfake videos are being used to spread fake investment schemes and fake government-sponsored giveaways across the globe, as well as how they are spread by threat actors.", "modified": "2024-08-29T13:59:50.711000", "created": "2024-08-29T13:59:50.711000", "tags": [ "quantum ai", "video url", "elon musk", "figure", "country", "singapore", "prime minister", "mexico", "italy", "president", "italian", "turkish", "czech", "june", "next", "february", "april", "service" ], "references": [ "https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "Mexico", "France", "Italy", "T\u00fcrkiye", "Singapore", "Kazakhstan", "Uzbekistan" ], "malware_families": [], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11, "domain": 419, "hostname": 1 }, "indicator_count": 431, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "642 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams", "https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [ "Government", "Energy", "Finance" ], "unique_indicators": 428 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 431 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/hybridpowerit.com", "whois": "http://whois.domaintools.com/hybridpowerit.com", "domain": "hybridpowerit.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "66d5de299d825d5ba3c4b82b", "name": "The Emerging Dynamics of Deepfake Scam Campaigns on the Web", "description": "Researchers have uncovered dozens of scam campaigns utilizing deepfake videos featuring public figures like CEOs, news anchors, and government officials. These campaigns target victims in multiple countries using various languages. The scams promote fake investment schemes and government giveaways. Hundreds of domains have been used, each accessed an average of 114,000 times globally. The campaigns likely originate from a single threat actor group using similar infrastructure and tactics. Despite the use of generative AI, traditional investigative techniques remain useful for identifying the hosting infrastructure. As malicious use of deepfakes increases, proactive detection and prevention efforts are crucial.", "modified": "2024-09-02T15:53:44.373000", "created": "2024-09-02T15:47:53.536000", "tags": [ "scams", "ai", "social engineering", "deepfakes", "investment fraud", "infrastructure analysis", "phishing", "impersonation" ], "references": [ "https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "Mexico", "France", "Italy", "Czechia", "Singapore", "Kazakhstan", "Uzbekistan" ], "malware_families": [], "attack_ids": [ { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Finance", "Government", "Energy" ], "TLP": "white", "cloned_from": null, "export_count": 86, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 11, "domain": 416, "hostname": 1 }, "indicator_count": 428, "is_author": false, "is_subscribing": null, "subscriber_count": 387004, "modified_text": "638 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d0a4489d413763be480fd2", "name": "The Emerging Dynamics of Deepfake Scam Campaigns on the Web", "description": "Researchers uncovered dozens of scam campaigns utilizing deepfake videos impersonating public figures to promote fake investment schemes and government-sponsored giveaways. These campaigns targeted victims across multiple countries, with websites averaging 114,000 visits each. Though using generative AI, traditional investigative techniques identified the shared hosting infrastructure, suggesting a single threat actor group behind many campaigns. As deepfake technology becomes more accessible, proactive defense against such scams is crucial.", "modified": "2024-08-29T17:23:07.830000", "created": "2024-08-29T16:39:36.526000", "tags": [ "impersonation", "fraud", "scams", "genai", "deepfakes" ], "references": [ "https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "Mexico", "France", "Italy", "Czechia", "Singapore", "Kazakhstan", "Uzbekistan" ], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 109, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 11, "hostname": 1 }, "indicator_count": 12, "is_author": false, "is_subscribing": null, "subscriber_count": 387006, "modified_text": "642 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d07ed6e35a0beeeb5a77bd", "name": "The Emerging Dynamics of Deepfake Scam Campaigns on the Web", "description": "A study by Palo Alto Networks reveals how deepfake videos are being used to spread fake investment schemes and fake government-sponsored giveaways across the globe, as well as how they are spread by threat actors.", "modified": "2024-08-29T13:59:50.711000", "created": "2024-08-29T13:59:50.711000", "tags": [ "quantum ai", "video url", "elon musk", "figure", "country", "singapore", "prime minister", "mexico", "italy", "president", "italian", "turkish", "czech", "june", "next", "february", "april", "service" ], "references": [ "https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "Mexico", "France", "Italy", "T\u00fcrkiye", "Singapore", "Kazakhstan", "Uzbekistan" ], "malware_families": [], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11, "domain": 419, "hostname": 1 }, "indicator_count": 431, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "642 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://hybridpowerit.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://hybridpowerit.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780460967.313222 }