{ "type": "URL", "indicator": "https://ssl2.blockbitcoin.com/GYqK", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ssl2.blockbitcoin.com/GYqK", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 699339801, "indicator": "https://ssl2.blockbitcoin.com/GYqK", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5b0db2c6c1916a4c39846d10", "name": "Iron Cybercrime Group Under The Scope", "description": "In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam\u2019s leaked RCS source code. We discovered that this backdoor was developed by the Iron cybercrime group, the same group behind the Iron ransomware (rip-off Maktub ransomware recently discovered by Bart Parys), which we believe has been active for the past 18 months.", "modified": "2018-05-29T20:06:30.346000", "created": "2018-05-29T20:06:30.346000", "tags": [], "references": [ "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 68, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 49, "hostname": 6, "FileHash-SHA256": 107, "domain": 6 }, "indicator_count": 168, "is_author": false, "is_subscribing": null, "subscriber_count": 386634, "modified_text": "2923 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 168 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/blockbitcoin.com", "whois": "http://whois.domaintools.com/blockbitcoin.com", "domain": "blockbitcoin.com", "hostname": "ssl2.blockbitcoin.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5b0db2c6c1916a4c39846d10", "name": "Iron Cybercrime Group Under The Scope", "description": "In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam\u2019s leaked RCS source code. We discovered that this backdoor was developed by the Iron cybercrime group, the same group behind the Iron ransomware (rip-off Maktub ransomware recently discovered by Bart Parys), which we believe has been active for the past 18 months.", "modified": "2018-05-29T20:06:30.346000", "created": "2018-05-29T20:06:30.346000", "tags": [], "references": [ "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 68, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 49, "hostname": 6, "FileHash-SHA256": 107, "domain": 6 }, "indicator_count": 168, "is_author": false, "is_subscribing": null, "subscriber_count": 386634, "modified_text": "2923 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ssl2.blockbitcoin.com/GYqK", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ssl2.blockbitcoin.com/GYqK", "type": "URL", "found": true, "verdict": "malicious", "url_status": "offline", "threat": "malware_download", "tags": [ "malware" ], "date_added": "2018-05-02", "last_online": "", "reporter": "JAMESWT_MHT", "host": "ssl2.blockbitcoin.com", "payloads": [ { "filename": null, "file_type": "exe", "md5": "68c6c614ddd35f6c278f67dcd569adc6", "sha256": "1922667603fd9e2dc40a4955d2dc30430f3af296fe716de6759520b978562d42", "signature": null, "first_seen": "2018-05-02" } ], "error": null }, "from_cache": true, "_cached_at": 1780256514.429531 }