{
  "type": "URL",
  "indicator": "https://mail.simon.sttdiakonos.ac.id/zcry/gem2.exe",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://mail.simon.sttdiakonos.ac.id/zcry/gem2.exe",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4025995204,
      "indicator": "https://mail.simon.sttdiakonos.ac.id/zcry/gem2.exe",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "672f70d470cdbab07d3bdb8f",
          "name": "URLHaus Recent URLs",
          "description": "",
          "modified": "2025-05-15T13:30:30.738000",
          "created": "2024-11-09T14:25:24.551000",
          "tags": [],
          "references": [
            "https://urlhaus.abuse.ch/downloads/csv_recent/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ameermane",
            "id": "77501",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 313720
          },
          "indicator_count": 313720,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 91,
          "modified_text": "380 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "679b5efa5d923a359b46f95b",
          "name": "Threat Intel Report - W02-2025",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against threats and attacks newly identified this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against the latest cyber trends.",
          "modified": "2025-03-01T11:00:13.105000",
          "created": "2025-01-30T11:14:02.450000",
          "tags": [
            "tech mahindra",
            "csrmirteam",
            "threat report",
            "cobaltstrike",
            "united kingdom",
            "brazil",
            "germany",
            "blacklist host",
            "ip country",
            "latest spambot",
            "coinminer",
            "cobalt strike",
            "indonesia",
            "ukraine",
            "agent tesla",
            "rats",
            "asyncrat",
            "proton",
            "malware",
            "date",
            "sliver",
            "privateloader",
            "cridex",
            "meduza stealer",
            "sagecrypt",
            "redlinestealer",
            "quasarrat",
            "xmrig",
            "calendar",
            "designer",
            "silk typhoon",
            "lumma"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "Silk Typhoon",
          "targeted_countries": [
            "United States of America",
            "Japan"
          ],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 43,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 61,
            "URL": 134,
            "FileHash-MD5": 16,
            "FileHash-SHA1": 16,
            "FileHash-SHA256": 17,
            "CVE": 1,
            "hostname": 122
          },
          "indicator_count": 367,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "455 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://urlhaus.abuse.ch/downloads/csv_recent/",
        "https://any.run/malware-trends/"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [
            "Silk Typhoon"
          ],
          "malware_families": [
            "Lumma"
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "unique_indicators": 313262
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/sttdiakonos.ac.id",
    "whois": "http://whois.domaintools.com/sttdiakonos.ac.id",
    "domain": "sttdiakonos.ac.id",
    "hostname": "mail.simon.sttdiakonos.ac.id"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "672f70d470cdbab07d3bdb8f",
      "name": "URLHaus Recent URLs",
      "description": "",
      "modified": "2025-05-15T13:30:30.738000",
      "created": "2024-11-09T14:25:24.551000",
      "tags": [],
      "references": [
        "https://urlhaus.abuse.ch/downloads/csv_recent/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ameermane",
        "id": "77501",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 313720
      },
      "indicator_count": 313720,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 91,
      "modified_text": "380 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "679b5efa5d923a359b46f95b",
      "name": "Threat Intel Report - W02-2025",
      "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against threats and attacks newly identified this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against the latest cyber trends.",
      "modified": "2025-03-01T11:00:13.105000",
      "created": "2025-01-30T11:14:02.450000",
      "tags": [
        "tech mahindra",
        "csrmirteam",
        "threat report",
        "cobaltstrike",
        "united kingdom",
        "brazil",
        "germany",
        "blacklist host",
        "ip country",
        "latest spambot",
        "coinminer",
        "cobalt strike",
        "indonesia",
        "ukraine",
        "agent tesla",
        "rats",
        "asyncrat",
        "proton",
        "malware",
        "date",
        "sliver",
        "privateloader",
        "cridex",
        "meduza stealer",
        "sagecrypt",
        "redlinestealer",
        "quasarrat",
        "xmrig",
        "calendar",
        "designer",
        "silk typhoon",
        "lumma"
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "Silk Typhoon",
      "targeted_countries": [
        "United States of America",
        "Japan"
      ],
      "malware_families": [
        {
          "id": "Lumma",
          "display_name": "Lumma",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "Cryptocurrency"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 43,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 61,
        "URL": 134,
        "FileHash-MD5": 16,
        "FileHash-SHA1": 16,
        "FileHash-SHA256": 17,
        "CVE": 1,
        "hostname": 122
      },
      "indicator_count": 367,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 108,
      "modified_text": "455 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://mail.simon.sttdiakonos.ac.id/zcry/gem2.exe",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://mail.simon.sttdiakonos.ac.id/zcry/gem2.exe",
    "type": "URL",
    "found": true,
    "verdict": "malicious",
    "url_status": "offline",
    "threat": "malware_download",
    "tags": [
      "CoinMiner",
      "exe",
      "opendir"
    ],
    "date_added": "2025-01-11",
    "last_online": "2025-01-16",
    "reporter": "NDA0E",
    "host": "mail.simon.sttdiakonos.ac.id",
    "payloads": [
      {
        "filename": null,
        "file_type": "exe",
        "md5": "990a3f3b1273510f210fb9b541da219f",
        "sha256": "35a8d03f86ae6f92424d6424fe0805d338eccedff177b400182102685299022c",
        "signature": "CoinMiner",
        "first_seen": "2025-01-13"
      },
      {
        "filename": null,
        "file_type": "exe",
        "md5": "be89d598cd96443479c02b022ff70532",
        "sha256": "a4c4487dcacebf5048b2266233f5645cfe421154f26e6685ced36aa0621037f1",
        "signature": null,
        "first_seen": "2025-01-11"
      }
    ],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780204375.6436925
}