{ "type": "URL", "indicator": "https://sorted-shop.online/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://sorted-shop.online/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3754033441, "indicator": "https://sorted-shop.online/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6503d7178561b166376e753c", "name": "Fake Cisco Webex Google Ads Push Malware", "description": "", "modified": "2024-08-30T06:04:45.782000", "created": "2023-09-15T04:01:27.988000", "tags": [ "webex", "google", "batloader", "urls", "cisco", "google search", "ad campaign", "webex logo", "mexico", "google ads", "virustotal", "nebula", "powershell", "python", "danabot", "group", "please", "team", "proofpoint", "eset research", "push", "cisa", "crowdstrike", "red dev", "dennis", "malware", "redline stealer", "trojan", "zloader", "evolution", "netwire rc", "jackal", "agent tesla", "twitter", "ave maria", "oilrig", "mask", "machete", "panda", "back", "nullmixer", "privateloader", "mars stealer", "ytstealer", "defense", "cobalt strike", "miner", "zeus", "mount locker", "quasar rat", "ransomware", "trickbot", "nanocore rat", "defensor id", "ctb locker", "wannacryptor", "stealer", "predator", "tiger", "attack", "download", "ixeshe", "aluminum", "msupdater", "nettraveler", "keyboy", "sednit", "sofacy", "oceanlotus", "holmium", "scarcruft", "venus", "sykipot", "leviathan", "amoeba", "hoodoo", "dragon", "star", "matanbuchus", "comnie", "termite", "emdivi", "greenbug", "careto", "cobalt", "cyber", "icefog", "trident", "dnspionage", "darkhotel", "luder", "nemim", "tapaoux", "pioneer", "havex", "evilnum", "carbanak", "gcman", "ghostnet", "bitter", "infy", "karakurt", "kinsing", "mercury", "naikon", "nitro", "strongpity", "powerpool", "indra", "sauron", "sidewinder", "redalpha", "mantis", "rocke", "mimic", "silence", "guardian", "teamspy", "teamtnt", "teamxrat", "turla", "snake", "wraith", "pfinet", "krypton", "zoopark", "unit", "threat response", "pla unit", "change", "intel", "ursnif", "tools", "jason", "vidar", "green", "hive", "stealth mango" ], "references": [ "September 15th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3249 - Fake Cisco Webex Google Ads Push Malware.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Ursnif", "display_name": "Ursnif", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 120, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 31, "domain": 33, "FileHash-SHA1": 1, "YARA": 1, "hostname": 3 }, "indicator_count": 71, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "639 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "September 15th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3249 - Fake Cisco Webex Google Ads Push Malware.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Ursnif" ], "industries": [], "unique_indicators": 74 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/sorted-shop.online", "whois": "http://whois.domaintools.com/sorted-shop.online", "domain": "sorted-shop.online", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6503d7178561b166376e753c", "name": "Fake Cisco Webex Google Ads Push Malware", "description": "", "modified": "2024-08-30T06:04:45.782000", "created": "2023-09-15T04:01:27.988000", "tags": [ "webex", "google", "batloader", "urls", "cisco", "google search", "ad campaign", "webex logo", "mexico", "google ads", "virustotal", "nebula", "powershell", "python", "danabot", "group", "please", "team", "proofpoint", "eset research", "push", "cisa", "crowdstrike", "red dev", "dennis", "malware", "redline stealer", "trojan", "zloader", "evolution", "netwire rc", "jackal", "agent tesla", "twitter", "ave maria", "oilrig", "mask", "machete", "panda", "back", "nullmixer", "privateloader", "mars stealer", "ytstealer", "defense", "cobalt strike", "miner", "zeus", "mount locker", "quasar rat", "ransomware", "trickbot", "nanocore rat", "defensor id", "ctb locker", "wannacryptor", "stealer", "predator", "tiger", "attack", "download", "ixeshe", "aluminum", "msupdater", "nettraveler", "keyboy", "sednit", "sofacy", "oceanlotus", "holmium", "scarcruft", "venus", "sykipot", "leviathan", "amoeba", "hoodoo", "dragon", "star", "matanbuchus", "comnie", "termite", "emdivi", "greenbug", "careto", "cobalt", "cyber", "icefog", "trident", "dnspionage", "darkhotel", "luder", "nemim", "tapaoux", "pioneer", "havex", "evilnum", "carbanak", "gcman", "ghostnet", "bitter", "infy", "karakurt", "kinsing", "mercury", "naikon", "nitro", "strongpity", "powerpool", "indra", "sauron", "sidewinder", "redalpha", "mantis", "rocke", "mimic", "silence", "guardian", "teamspy", "teamtnt", "teamxrat", "turla", "snake", "wraith", "pfinet", "krypton", "zoopark", "unit", "threat response", "pla unit", "change", "intel", "ursnif", "tools", "jason", "vidar", "green", "hive", "stealth mango" ], "references": [ "September 15th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3249 - Fake Cisco Webex Google Ads Push Malware.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Ursnif", "display_name": "Ursnif", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 120, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 31, "domain": 33, "FileHash-SHA1": 1, "YARA": 1, "hostname": 3 }, "indicator_count": 71, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "639 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://sorted-shop.online/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://sorted-shop.online/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780278552.345048 }