{ "type": "URL", "indicator": "https://redmond.corp-microsoft.com/help/index.php", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://redmond.corp-microsoft.com/help/index.php", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2118606234, "indicator": "https://redmond.corp-microsoft.com/help/index.php", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5d270b29fccc021c80764db4", "name": "Buhtrap group uses zero\u2011day in latest espionage campaigns", "description": "The Buhtrap group is well known for its targeting of financial institutions and businesses in Russia. However, since late 2015, we have witnessed an interesting change in its traditional targets. From a pure criminal group perpetrating cybercrime for financial gain, its toolset has been expanded with malware used to conduct espionage in Eastern Europe and Central Asia.", "modified": "2019-07-12T15:33:11.607000", "created": "2019-07-11T10:10:49.755000", "tags": [ "russia", "buhtrap" ], "references": [ "https://www.welivesecurity.com/2019/07/11/buhtrap-zero-day-espionage-campaigns/" ], "public": 1, "adversary": "BuhTrap", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 53, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 5, "FileHash-SHA256": 6, "hostname": 8, "FileHash-SHA1": 6, "CVE": 2 }, "indicator_count": 32, "is_author": false, "is_subscribing": null, "subscriber_count": 386544, "modified_text": "2514 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.welivesecurity.com/2019/07/11/buhtrap-zero-day-espionage-campaigns/" ], "related": { "alienvault": { "adversary": [ "BuhTrap" ], "malware_families": [], "industries": [ "Government" ], "unique_indicators": 32 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/corp-microsoft.com", "whois": "http://whois.domaintools.com/corp-microsoft.com", "domain": "corp-microsoft.com", "hostname": "redmond.corp-microsoft.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5d270b29fccc021c80764db4", "name": "Buhtrap group uses zero\u2011day in latest espionage campaigns", "description": "The Buhtrap group is well known for its targeting of financial institutions and businesses in Russia. However, since late 2015, we have witnessed an interesting change in its traditional targets. From a pure criminal group perpetrating cybercrime for financial gain, its toolset has been expanded with malware used to conduct espionage in Eastern Europe and Central Asia.", "modified": "2019-07-12T15:33:11.607000", "created": "2019-07-11T10:10:49.755000", "tags": [ "russia", "buhtrap" ], "references": [ "https://www.welivesecurity.com/2019/07/11/buhtrap-zero-day-espionage-campaigns/" ], "public": 1, "adversary": "BuhTrap", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 53, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 5, "FileHash-SHA256": 6, "hostname": 8, "FileHash-SHA1": 6, "CVE": 2 }, "indicator_count": 32, "is_author": false, "is_subscribing": null, "subscriber_count": 386544, "modified_text": "2514 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://redmond.corp-microsoft.com/help/index.php", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://redmond.corp-microsoft.com/help/index.php", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780211355.9290662 }