{ "type": "URL", "indicator": "https://ks.evil.gooogleasia.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ks.evil.gooogleasia.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4063309061, "indicator": "https://ks.evil.gooogleasia.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "682dd4e25a347684b2dfeabe", "name": "Apple Radar? Manipulated iOS products access , manipulate , control technology in periphery", "description": "Apple product(s) using radar? access nearby tech, (Apple products, other brands, televisions, MP3 players). Target reports other devices have been erased, refreshed, truncated,. .https://ssdauthority.com/does-sandisk-ixpand-work-on-windows/ |\nssdauthority.com |\nradarsubmissions.apple.com |\nsecure.www.apple.com\nThis will take further, in depth investigation. I can\u2019t explain what seems fantastical and be. considered sane. Many files resolved already.", "modified": "2025-06-20T12:05:58.229000", "created": "2025-05-21T13:28:01.980000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 637, "CVE": 1, "FileHash-MD5": 26, "FileHash-SHA1": 25, "FileHash-SHA256": 1296, "domain": 170, "hostname": 369 }, "indicator_count": 2524, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "304 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "682cfb53a84a74af05540d11", "name": "PredatorTheStealer found on Updated iOS (plural)", "description": "PredatorTheStealer (FileHash-SHA256 000054b3c872904de589f504b020b8a0a60ee3e6f6f490c05024fa2a117aeef7 || MITRE ATT&CK Tactics and Techniques\nExecution | TA0002Persistence | TA0003 \nPrivilege Escalation TA0004 Defense Evasion \nTA0005 Credential Access TA0006\nDiscovery TA0009 Collection\nTA0009 Command and Control\nTA0011 Impact | may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. | Malware Behavior Catalog Tree: \nAnti-Static Analysis\nOB0002\nCollection\nOB0003\nCommand and Control\nOB0004\nCredential Access\nOB0005\nDefense Evasion\nOB0006\nDiscovery\nOB0007\nImpact\nOB0008\nFile System\nOC0001\nProcess\nOC0003\nData\nOC0004\nCryptography\nOC0005\nCommunication\nOC0006\nOperating System\nOC0008\nCapabilities |\nLoad-Code | Capabilities\nLoad-Code\nCollection\nCommunication\nHost-Interaction\nLinking\nData-Manipulation\nAnti-Analysis", "modified": "2025-06-19T21:02:08.632000", "created": "2025-05-20T21:59:47.193000", "tags": [ "pe32", "intel", "ms windows", "win32 dynamic", "link library", "win16 ne", "os2 executable", "pe32 compiler", "exe32", "compiler", "contained", "type", "language", "sha256", "get http", "post http", "dns resolutions", "resolved ips" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 175, "FileHash-MD5": 15, "FileHash-SHA1": 3, "domain": 52, "hostname": 91, "URL": 153 }, "indicator_count": 489, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "305 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "682bef60c4841f09773d1c7f", "name": "Expanded: Close proximity RMS module attack. Critical infrastructure affected. Medical, Business, Legal., Religious institutions", "description": "Close proximity hacking tool used following stalking event. Connecting to device attacks other devices and critical systems.\nPegasusLoader expanded. \nCritical Issues \niOS is now an unidentifiable device.\nDuckDuckGo Search engine\nhas emoji arrows \nIOS default Google search engine has overlay and continuous flooding of bad traffic. Severe DNS issue. Botnet involvement, height priority messages intercepted. \nExcessive abuse of Mitre T1480 Execution Gaurdrails .Geopfencing. Targets attacked by illegal PegasusLoader.exe cannot use iOS devices as designed paid the same price as everyone. \n\nI can\u2019t explain how iCloud only backs up to unknown devices. Users have zero control of any technology devices or content.\nThreat actors have remotely rebuilt device infrastructure / architecture.\n-Team 8", "modified": "2025-06-19T02:03:50.197000", "created": "2025-05-20T02:56:31.741000", "tags": [ "win32 exe", "file type", "name file", "text state", "text", "text geoip6", "csv geoip", "get https", "dns resolutions", "number", "cnwe1 ogoogle", "trust", "cus subject", "response" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 176, "FileHash-SHA256": 3815, "URL": 2239, "domain": 850, "hostname": 906 }, "indicator_count": 8057, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "305 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 11211 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/gooogleasia.com", "whois": "http://whois.domaintools.com/gooogleasia.com", "domain": "gooogleasia.com", "hostname": "ks.evil.gooogleasia.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "682dd4e25a347684b2dfeabe", "name": "Apple Radar? Manipulated iOS products access , manipulate , control technology in periphery", "description": "Apple product(s) using radar? access nearby tech, (Apple products, other brands, televisions, MP3 players). Target reports other devices have been erased, refreshed, truncated,. .https://ssdauthority.com/does-sandisk-ixpand-work-on-windows/ |\nssdauthority.com |\nradarsubmissions.apple.com |\nsecure.www.apple.com\nThis will take further, in depth investigation. I can\u2019t explain what seems fantastical and be. considered sane. Many files resolved already.", "modified": "2025-06-20T12:05:58.229000", "created": "2025-05-21T13:28:01.980000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 637, "CVE": 1, "FileHash-MD5": 26, "FileHash-SHA1": 25, "FileHash-SHA256": 1296, "domain": 170, "hostname": 369 }, "indicator_count": 2524, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "304 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "682cfb53a84a74af05540d11", "name": "PredatorTheStealer found on Updated iOS (plural)", "description": "PredatorTheStealer (FileHash-SHA256 000054b3c872904de589f504b020b8a0a60ee3e6f6f490c05024fa2a117aeef7 || MITRE ATT&CK Tactics and Techniques\nExecution | TA0002Persistence | TA0003 \nPrivilege Escalation TA0004 Defense Evasion \nTA0005 Credential Access TA0006\nDiscovery TA0009 Collection\nTA0009 Command and Control\nTA0011 Impact | may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. | Malware Behavior Catalog Tree: \nAnti-Static Analysis\nOB0002\nCollection\nOB0003\nCommand and Control\nOB0004\nCredential Access\nOB0005\nDefense Evasion\nOB0006\nDiscovery\nOB0007\nImpact\nOB0008\nFile System\nOC0001\nProcess\nOC0003\nData\nOC0004\nCryptography\nOC0005\nCommunication\nOC0006\nOperating System\nOC0008\nCapabilities |\nLoad-Code | Capabilities\nLoad-Code\nCollection\nCommunication\nHost-Interaction\nLinking\nData-Manipulation\nAnti-Analysis", "modified": "2025-06-19T21:02:08.632000", "created": "2025-05-20T21:59:47.193000", "tags": [ "pe32", "intel", "ms windows", "win32 dynamic", "link library", "win16 ne", "os2 executable", "pe32 compiler", "exe32", "compiler", "contained", "type", "language", "sha256", "get http", "post http", "dns resolutions", "resolved ips" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 175, "FileHash-MD5": 15, "FileHash-SHA1": 3, "domain": 52, "hostname": 91, "URL": 153 }, "indicator_count": 489, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "305 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "682bef60c4841f09773d1c7f", "name": "Expanded: Close proximity RMS module attack. Critical infrastructure affected. Medical, Business, Legal., Religious institutions", "description": "Close proximity hacking tool used following stalking event. Connecting to device attacks other devices and critical systems.\nPegasusLoader expanded. \nCritical Issues \niOS is now an unidentifiable device.\nDuckDuckGo Search engine\nhas emoji arrows \nIOS default Google search engine has overlay and continuous flooding of bad traffic. Severe DNS issue. Botnet involvement, height priority messages intercepted. \nExcessive abuse of Mitre T1480 Execution Gaurdrails .Geopfencing. Targets attacked by illegal PegasusLoader.exe cannot use iOS devices as designed paid the same price as everyone. \n\nI can\u2019t explain how iCloud only backs up to unknown devices. Users have zero control of any technology devices or content.\nThreat actors have remotely rebuilt device infrastructure / architecture.\n-Team 8", "modified": "2025-06-19T02:03:50.197000", "created": "2025-05-20T02:56:31.741000", "tags": [ "win32 exe", "file type", "name file", "text state", "text", "text geoip6", "csv geoip", "get https", "dns resolutions", "number", "cnwe1 ogoogle", "trust", "cus subject", "response" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 176, "FileHash-SHA256": 3815, "URL": 2239, "domain": 850, "hostname": 906 }, "indicator_count": 8057, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "305 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ks.evil.gooogleasia.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ks.evil.gooogleasia.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776724718.04999 }