{ "type": "URL", "indicator": "https://paymenthacks.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://paymenthacks.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3168567956, "indicator": "https://paymenthacks.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "61840495bfc51827c7d12d7e", "name": "The Darker Things: BlackMatter and their victims", "description": "On November 3, BlackMatter gang announced it was shutting its Ransomware-as-a-Service program due to the \"pressure from the authorities\".\n\nHowever, it doesn't mean that BlackMatter's affiliates will stop malicious activity. They will most likely join other RaaS programs. In addition, this might just be an attempt to have a fresh start under a different name. Just like BlackMatter was a rebranding of DarkSide, a new successor may appear soon. Therefore, given the similarities that we observed between DarkSide and BlackMatter ransomware back in August, it's important to be aware of the latest ransomware versions' features: malware configuration, encryption mechanisms in use etc.", "modified": "2021-11-04T16:04:36.906000", "created": "2021-11-04T16:04:36.906000", "tags": [ "BlackMatter", "DarkSide", "malware", "raas", "ransomware" ], "references": [ "https://blog.group-ib.com/blackmatter2" ], "public": 1, "adversary": "BlackMatter", "targeted_countries": [ "Japan", "France", "Italy", "Austria", "United States of America" ], "malware_families": [ { "id": "BlackMatter", "display_name": "BlackMatter", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 370, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 78, "FileHash-SHA1": 46, "FileHash-SHA256": 57, "URL": 39, "YARA": 3 }, "indicator_count": 223, "is_author": false, "is_subscribing": null, "subscriber_count": 386963, "modified_text": "1671 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570931fcf91926da06d3307", "name": "BlackMatter Ransomware", "description": "", "modified": "2023-12-06T15:28:31.109000", "created": "2023-12-06T15:28:31.109000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 132, "FileHash-SHA256": 166, "FileHash-SHA1": 100, "URL": 40, "domain": 10, "hostname": 10 }, "indicator_count": 458, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "634727f45712367fe64ef853", "name": "BlackMatter Ransomware", "description": "Doppel Paymer Ransomware", "modified": "2022-10-12T20:48:01.272000", "created": "2022-10-12T20:47:48.338000", "tags": [], "references": [ "https://www.netsecurity.com/blackmatter-ransomware-analysis/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "carlosxr7", "id": "50553", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_50553/resized/80/avatar_7684c667da.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 172, "FileHash-SHA1": 140, "FileHash-SHA256": 208, "URL": 40, "domain": 14, "hostname": 10 }, "indicator_count": 584, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "1328 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://blog.group-ib.com/blackmatter2", "https://www.netsecurity.com/blackmatter-ransomware-analysis/" ], "related": { "alienvault": { "adversary": [ "BlackMatter" ], "malware_families": [ "Blackmatter" ], "industries": [], "unique_indicators": 223 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 458 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/paymenthacks.com", "whois": "http://whois.domaintools.com/paymenthacks.com", "domain": "paymenthacks.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "61840495bfc51827c7d12d7e", "name": "The Darker Things: BlackMatter and their victims", "description": "On November 3, BlackMatter gang announced it was shutting its Ransomware-as-a-Service program due to the \"pressure from the authorities\".\n\nHowever, it doesn't mean that BlackMatter's affiliates will stop malicious activity. They will most likely join other RaaS programs. In addition, this might just be an attempt to have a fresh start under a different name. Just like BlackMatter was a rebranding of DarkSide, a new successor may appear soon. Therefore, given the similarities that we observed between DarkSide and BlackMatter ransomware back in August, it's important to be aware of the latest ransomware versions' features: malware configuration, encryption mechanisms in use etc.", "modified": "2021-11-04T16:04:36.906000", "created": "2021-11-04T16:04:36.906000", "tags": [ "BlackMatter", "DarkSide", "malware", "raas", "ransomware" ], "references": [ "https://blog.group-ib.com/blackmatter2" ], "public": 1, "adversary": "BlackMatter", "targeted_countries": [ "Japan", "France", "Italy", "Austria", "United States of America" ], "malware_families": [ { "id": "BlackMatter", "display_name": "BlackMatter", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 370, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 78, "FileHash-SHA1": 46, "FileHash-SHA256": 57, "URL": 39, "YARA": 3 }, "indicator_count": 223, "is_author": false, "is_subscribing": null, "subscriber_count": 386963, "modified_text": "1671 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570931fcf91926da06d3307", "name": "BlackMatter Ransomware", "description": "", "modified": "2023-12-06T15:28:31.109000", "created": "2023-12-06T15:28:31.109000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 132, "FileHash-SHA256": 166, "FileHash-SHA1": 100, "URL": 40, "domain": 10, "hostname": 10 }, "indicator_count": 458, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "634727f45712367fe64ef853", "name": "BlackMatter Ransomware", "description": "Doppel Paymer Ransomware", "modified": "2022-10-12T20:48:01.272000", "created": "2022-10-12T20:47:48.338000", "tags": [], "references": [ "https://www.netsecurity.com/blackmatter-ransomware-analysis/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "carlosxr7", "id": "50553", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_50553/resized/80/avatar_7684c667da.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 172, "FileHash-SHA1": 140, "FileHash-SHA256": 208, "URL": 40, "domain": 14, "hostname": 10 }, "indicator_count": 584, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "1328 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://paymenthacks.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://paymenthacks.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780430884.003252 }