{ "type": "URL", "indicator": "https://jonathanhardwick.me/hardwick.jar~start", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://jonathanhardwick.me/hardwick.jar~start", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3657554445, "indicator": "https://jonathanhardwick.me/hardwick.jar~start", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "642ee9049e0f39ede5fafa88", "name": "Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks", "description": "The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022.\n\nSymantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is \"going to great lengths to maintain a persistent presence on targeted networks.\"\n\nAlso known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014.\n\nMantis has used an arsenal of homemade malware tools such as ViperRat, FrozenCell (aka VolatileVenom), and Micropsia to execute and conceal its campaigns across Windows, Android, and iOS platforms.", "modified": "2023-04-06T15:45:08.340000", "created": "2023-04-06T15:45:08.340000", "tags": [ "verblecon", "windows", "infectionid", "discord", "storageleveldb", "symantec", "min read", "new loader", "attacks", "home threat", "next", "date", "main", "tools", "pass", "team", "mantis", "close" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord", "https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 310, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "FileHash-MD5": 5, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 5, "hostname": 2 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 434, "modified_text": "1153 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642c048b6a8f60d20b7fe8b8", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks | Symantec Enterprise Blogs", "description": "An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to security analysts from Symantec and the UK-based firm, which specialises in security software.", "modified": "2023-04-04T11:05:47.859000", "created": "2023-04-04T11:05:47.859000", "tags": [ "verblecon", "windows", "infectionid", "discord", "storageleveldb", "symantec", "min read", "new loader", "attacks", "home threat", "next", "date", "main", "tools", "pass", "team", "close" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "FileHash-MD5": 5, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 5, "hostname": 2 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1155 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord", "https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Verblecon" ], "industries": [], "unique_indicators": 26 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/jonathanhardwick.me", "whois": "http://whois.domaintools.com/jonathanhardwick.me", "domain": "jonathanhardwick.me", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "642ee9049e0f39ede5fafa88", "name": "Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks", "description": "The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022.\n\nSymantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is \"going to great lengths to maintain a persistent presence on targeted networks.\"\n\nAlso known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014.\n\nMantis has used an arsenal of homemade malware tools such as ViperRat, FrozenCell (aka VolatileVenom), and Micropsia to execute and conceal its campaigns across Windows, Android, and iOS platforms.", "modified": "2023-04-06T15:45:08.340000", "created": "2023-04-06T15:45:08.340000", "tags": [ "verblecon", "windows", "infectionid", "discord", "storageleveldb", "symantec", "min read", "new loader", "attacks", "home threat", "next", "date", "main", "tools", "pass", "team", "mantis", "close" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord", "https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 310, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dekaRituraj", "id": "99856", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_99856/resized/80/avatar_0e93d502b7.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "FileHash-MD5": 5, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 5, "hostname": 2 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 434, "modified_text": "1153 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "642c048b6a8f60d20b7fe8b8", "name": "Verblecon: Sophisticated New Loader Used in Low-level Attacks | Symantec Enterprise Blogs", "description": "An unknown attacker is using a complex and powerful malware loader in low-level attacks, according to security analysts from Symantec and the UK-based firm, which specialises in security software.", "modified": "2023-04-04T11:05:47.859000", "created": "2023-04-04T11:05:47.859000", "tags": [ "verblecon", "windows", "infectionid", "discord", "storageleveldb", "symantec", "min read", "new loader", "attacks", "home threat", "next", "date", "main", "tools", "pass", "team", "close" ], "references": [ "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Verblecon", "display_name": "Verblecon", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "FileHash-MD5": 5, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 5, "hostname": 2 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1155 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://jonathanhardwick.me/hardwick.jar~start", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://jonathanhardwick.me/hardwick.jar~start", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780423527.0085635 }