{ "type": "URL", "indicator": "https://s3api.shop/api/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://s3api.shop/api/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3943097077, "indicator": "https://s3api.shop/api/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "66f9aeff2d03baeab048999c", "name": "ACTIVIDAD MALICIOSA | Relacionada con Lumma Stealer 29-09-2024", "description": "Lumma Stealer es un tipo de software malicioso dise\u00f1ado para robar informaci\u00f3n confidencial de los dispositivos infectados. Este malware se infiltra en los sistemas y extrae datos personales, como nombres de usuario, contrase\u00f1as, informaci\u00f3n bancaria y detalles de tarjetas de cr\u00e9dito. LummaStealer puede afectar varias cuentas, incluidas redes sociales, correos electr\u00f3nicos y monederos de criptomonedas. Los delincuentes pueden usar la informaci\u00f3n robada para chantaje, suplantaci\u00f3n de identidad, y realizar transacciones fraudulentas, lo que puede causar serios problemas de privacidad y p\u00e9rdidas econ\u00f3micas significativas para las v\u00edctimas.", "modified": "2024-10-29T19:03:15.889000", "created": "2024-09-29T19:48:15.170000", "tags": [ "access", "discovery", "ta0001 initial", "t1003 data", "local system", "t1033 system", "t1057 process", "t1082 system", "t1087 account" ], "references": [ "https://www.virustotal.com/graph/embed/g7d7074ccf4734ca7b2f24ee7f2c4b7c6a06b0a63e14c4010b93967adb2fae722?theme=light", "https://darfe.es/ciberwiki/index.php?title=Lumma", "https://www.alertasyseguridad.net/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 242, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "domain": 262 }, "indicator_count": 522, "is_author": false, "is_subscribing": null, "subscriber_count": 269, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6654198962e43dc463f692c2", "name": "DOH IP & URL IOC", "description": "The following is the full text of the report on the findings of this year's World Cup in Brazil, which was held at the same time as the 2016 Olympics in Rio de Janeiro, Brazil.", "modified": "2024-09-25T04:01:33.267000", "created": "2024-05-27T05:26:33.698000", "tags": [ "iocs https" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fueledbycoffeeDXB", "id": "272228", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 270, "CIDR": 1, "domain": 116, "hostname": 33, "FileHash-MD5": 1 }, "indicator_count": 421, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "613 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.alertasyseguridad.net/repositorio-ioc/", "https://www.virustotal.com/graph/embed/g7d7074ccf4734ca7b2f24ee7f2c4b7c6a06b0a63e14c4010b93967adb2fae722?theme=light", "https://darfe.es/ciberwiki/index.php?title=Lumma" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Lumma stealer" ], "industries": [], "unique_indicators": 1893 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/s3api.shop", "whois": "http://whois.domaintools.com/s3api.shop", "domain": "s3api.shop", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "66f9aeff2d03baeab048999c", "name": "ACTIVIDAD MALICIOSA | Relacionada con Lumma Stealer 29-09-2024", "description": "Lumma Stealer es un tipo de software malicioso dise\u00f1ado para robar informaci\u00f3n confidencial de los dispositivos infectados. Este malware se infiltra en los sistemas y extrae datos personales, como nombres de usuario, contrase\u00f1as, informaci\u00f3n bancaria y detalles de tarjetas de cr\u00e9dito. LummaStealer puede afectar varias cuentas, incluidas redes sociales, correos electr\u00f3nicos y monederos de criptomonedas. Los delincuentes pueden usar la informaci\u00f3n robada para chantaje, suplantaci\u00f3n de identidad, y realizar transacciones fraudulentas, lo que puede causar serios problemas de privacidad y p\u00e9rdidas econ\u00f3micas significativas para las v\u00edctimas.", "modified": "2024-10-29T19:03:15.889000", "created": "2024-09-29T19:48:15.170000", "tags": [ "access", "discovery", "ta0001 initial", "t1003 data", "local system", "t1033 system", "t1057 process", "t1082 system", "t1087 account" ], "references": [ "https://www.virustotal.com/graph/embed/g7d7074ccf4734ca7b2f24ee7f2c4b7c6a06b0a63e14c4010b93967adb2fae722?theme=light", "https://darfe.es/ciberwiki/index.php?title=Lumma", "https://www.alertasyseguridad.net/repositorio-ioc/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 242, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "domain": 262 }, "indicator_count": 522, "is_author": false, "is_subscribing": null, "subscriber_count": 269, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6654198962e43dc463f692c2", "name": "DOH IP & URL IOC", "description": "The following is the full text of the report on the findings of this year's World Cup in Brazil, which was held at the same time as the 2016 Olympics in Rio de Janeiro, Brazil.", "modified": "2024-09-25T04:01:33.267000", "created": "2024-05-27T05:26:33.698000", "tags": [ "iocs https" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fueledbycoffeeDXB", "id": "272228", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 270, "CIDR": 1, "domain": 116, "hostname": 33, "FileHash-MD5": 1 }, "indicator_count": 421, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "613 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://s3api.shop/api/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://s3api.shop/api/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780265655.8458457 }