{ "type": "URL", "indicator": "https://manage.biteupdates.site/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://manage.biteupdates.site/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3358623853, "indicator": "https://manage.biteupdates.site/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "6826f0d79475b9bb04e45c22", "name": "DoNot Go! Do not respawn!", "description": "", "modified": "2025-06-15T08:05:52.460000", "created": "2025-05-16T08:01:27.804000", "tags": [ "donot team", "figure", "computername", "userprofile", "strong", "username", "team", "victimid", "darkmusical", "gedit", "download", "cve201711882", "february", "donot", "python", "june", "ransomhub", "tips", "malware", "ehdevel", "autoit", "troy", "phishing" ], "references": [ "https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1025", "name": "Data from Removable Media", "display_name": "T1025 - Data from Removable Media" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 39, "FileHash-SHA1": 57, "FileHash-SHA256": 39, "URL": 21, "domain": 7, "hostname": 9 }, "indicator_count": 173, "is_author": false, "is_subscribing": null, "subscriber_count": 845, "modified_text": "308 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "61e91ddcbe3dc238d0f823e1", "name": "DoNot Go! Do not respawn! | WeLiveSecurity", "description": "Donot Team is a persistent and persistent cyber-espionage group that is targeting government and military entities in South Asia, according to research by security firm ESET and its research team in London.", "modified": "2022-02-19T00:03:23.595000", "created": "2022-01-20T08:31:24.077000", "tags": [ "gedit", "henos", "darkmusical", "windows", "figure", "donot team", "computername", "userprofile", "username", "victimid", "team", "september", "cve201711882", "february", "python", "june", "malware", "ehdevel", "autoit", "troy", "amavaldo", "podcast" ], "references": [ "https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/" ], "public": 1, "adversary": "Windows", "targeted_countries": [ "Pakistan", "Nepal", "Sri Lanka", "Bangladesh" ], "malware_families": [ { "id": "Gedit", "display_name": "Gedit", "target": null }, { "id": "Henos", "display_name": "Henos", "target": null }, { "id": "DarkMusical", "display_name": "DarkMusical", "target": null } ], "attack_ids": [ { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1025", "name": "Data from Removable Media", "display_name": "T1025 - Data from Removable Media" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Military" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "caralin0702", "id": "73972", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7, "CVE": 1, "FileHash-MD5": 18, "FileHash-SHA1": 57, "FileHash-SHA256": 18, "URL": 21, "hostname": 9 }, "indicator_count": 131, "is_author": false, "is_subscribing": null, "subscriber_count": 101, "modified_text": "1520 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "61e7c4429230b85f7e941116", "name": "DoNot Go! Do not respawn! | WeLiveSecurity", "description": "A security researcher from ESET has identified and identified Donot Team, a persistent cyber-espionage group that has been targeting government and military entities in South Asian countries over the last two years.", "modified": "2022-02-18T00:02:29.475000", "created": "2022-01-19T07:56:50.606000", "tags": [ "gedit", "henos", "darkmusical", "windows", "figure", "donot team", "computername", "userprofile", "username", "victimid", "team", "september", "cve201711882", "february", "python", "june", "malware", "ehdevel", "autoit", "troy", "amavaldo", "podcast" ], "references": [ "https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/" ], "public": 1, "adversary": "Windows", "targeted_countries": [ "Pakistan", "Nepal", "Sri Lanka", "Bangladesh" ], "malware_families": [ { "id": "Gedit", "display_name": "Gedit", "target": null }, { "id": "Henos", "display_name": "Henos", "target": null }, { "id": "DarkMusical", "display_name": "DarkMusical", "target": null } ], "attack_ids": [ { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1025", "name": "Data from Removable Media", "display_name": "T1025 - Data from Removable Media" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Military" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohdrennis", "id": "138092", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7, "CVE": 1, "FileHash-MD5": 18, "FileHash-SHA1": 57, "FileHash-SHA256": 18, "URL": 21, "hostname": 9 }, "indicator_count": 131, "is_author": false, "is_subscribing": null, "subscriber_count": 356, "modified_text": "1521 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.sr.gov.pl/spacer", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://www.jelenia-gora.so.gov.pl/", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Windows" ], "malware_families": [ "", "Henos", "Gedit", "Serwer", "Darkmusical" ], "industries": [ "Military" ], "unique_indicators": 48125 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/biteupdates.site", "whois": "http://whois.domaintools.com/biteupdates.site", "domain": "biteupdates.site", "hostname": "manage.biteupdates.site" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "6826f0d79475b9bb04e45c22", "name": "DoNot Go! Do not respawn!", "description": "", "modified": "2025-06-15T08:05:52.460000", "created": "2025-05-16T08:01:27.804000", "tags": [ "donot team", "figure", "computername", "userprofile", "strong", "username", "team", "victimid", "darkmusical", "gedit", "download", "cve201711882", "february", "donot", "python", "june", "ransomhub", "tips", "malware", "ehdevel", "autoit", "troy", "phishing" ], "references": [ "https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1025", "name": "Data from Removable Media", "display_name": "T1025 - Data from Removable Media" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 39, "FileHash-SHA1": 57, "FileHash-SHA256": 39, "URL": 21, "domain": 7, "hostname": 9 }, "indicator_count": 173, "is_author": false, "is_subscribing": null, "subscriber_count": 845, "modified_text": "308 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "61e91ddcbe3dc238d0f823e1", "name": "DoNot Go! Do not respawn! | WeLiveSecurity", "description": "Donot Team is a persistent and persistent cyber-espionage group that is targeting government and military entities in South Asia, according to research by security firm ESET and its research team in London.", "modified": "2022-02-19T00:03:23.595000", "created": "2022-01-20T08:31:24.077000", "tags": [ "gedit", "henos", "darkmusical", "windows", "figure", "donot team", "computername", "userprofile", "username", "victimid", "team", "september", "cve201711882", "february", "python", "june", "malware", "ehdevel", "autoit", "troy", "amavaldo", "podcast" ], "references": [ "https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/" ], "public": 1, "adversary": "Windows", "targeted_countries": [ "Pakistan", "Nepal", "Sri Lanka", "Bangladesh" ], "malware_families": [ { "id": "Gedit", "display_name": "Gedit", "target": null }, { "id": "Henos", "display_name": "Henos", "target": null }, { "id": "DarkMusical", "display_name": "DarkMusical", "target": null } ], "attack_ids": [ { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1025", "name": "Data from Removable Media", "display_name": "T1025 - Data from Removable Media" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Military" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "caralin0702", "id": "73972", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7, "CVE": 1, "FileHash-MD5": 18, "FileHash-SHA1": 57, "FileHash-SHA256": 18, "URL": 21, "hostname": 9 }, "indicator_count": 131, "is_author": false, "is_subscribing": null, "subscriber_count": 101, "modified_text": "1520 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "61e7c4429230b85f7e941116", "name": "DoNot Go! Do not respawn! | WeLiveSecurity", "description": "A security researcher from ESET has identified and identified Donot Team, a persistent cyber-espionage group that has been targeting government and military entities in South Asian countries over the last two years.", "modified": "2022-02-18T00:02:29.475000", "created": "2022-01-19T07:56:50.606000", "tags": [ "gedit", "henos", "darkmusical", "windows", "figure", "donot team", "computername", "userprofile", "username", "victimid", "team", "september", "cve201711882", "february", "python", "june", "malware", "ehdevel", "autoit", "troy", "amavaldo", "podcast" ], "references": [ "https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/" ], "public": 1, "adversary": "Windows", "targeted_countries": [ "Pakistan", "Nepal", "Sri Lanka", "Bangladesh" ], "malware_families": [ { "id": "Gedit", "display_name": "Gedit", "target": null }, { "id": "Henos", "display_name": "Henos", "target": null }, { "id": "DarkMusical", "display_name": "DarkMusical", "target": null } ], "attack_ids": [ { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1025", "name": "Data from Removable Media", "display_name": "T1025 - Data from Removable Media" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Military" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "mohdrennis", "id": "138092", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7, "CVE": 1, "FileHash-MD5": 18, "FileHash-SHA1": 57, "FileHash-SHA256": 18, "URL": 21, "hostname": 9 }, "indicator_count": 131, "is_author": false, "is_subscribing": null, "subscriber_count": 356, "modified_text": "1521 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://manage.biteupdates.site/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://manage.biteupdates.site/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776617018.2800653 }