{ "type": "URL", "indicator": "https://transfer.sh", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://transfer.sh", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3645783326, "indicator": "https://transfer.sh", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "64c8a3cf44bafd49321c7560", "name": "Lockbit 3.0 ransomware", "description": "LockBit 3.0 is a ransomware malware that was first seen in June 2022 and has since become a significant cybersecurity threat to organizations worldwide. It uses a hybrid encryption approach with AES and RSA encryption algorithms and is known for its complexity and evasiveness. LockBit 3.0 is being used by multiple ransomware threat actor groups, including the LockBit gang, which has been behind numerous attacks and is now accepting Zcash for payments.", "modified": "2023-08-31T06:03:08.740000", "created": "2023-08-01T06:18:55.716000", "tags": [ "sha256", "sha1" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Ransom:Win32/LockBit", "display_name": "Ransom:Win32/LockBit", "target": "/malware/Ransom:Win32/LockBit" } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 65, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "akhanafeer", "id": "195327", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4, "FileHash-MD5": 22, "FileHash-SHA1": 14, "FileHash-SHA256": 19, "domain": 159, "hostname": 4 }, "indicator_count": 222, "is_author": false, "is_subscribing": null, "subscriber_count": 73, "modified_text": "1006 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6413b1c5978906560c087536", "name": "InQuest - 16-03-2023", "description": "", "modified": "2023-04-16T00:00:00.756000", "created": "2023-03-17T00:18:13.443000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 172, "URL": 1359, "domain": 933, "hostname": 243, "FileHash-SHA1": 6, "FileHash-MD5": 15 }, "indicator_count": 2728, "is_author": false, "is_subscribing": null, "subscriber_count": 1625, "modified_text": "1143 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6418994861aa5b64e527855c", "name": "#StopRansomware: LockBit 3.0", "description": "taken from \nhttps://www.ic3.gov/Media/News/2023/230316.pdf\nMarch 16, 2023", "modified": "2023-03-20T17:35:04.664000", "created": "2023-03-20T17:35:04.664000", "tags": [], "references": [ "230316.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1072", "name": "Software Deployment Tools", "display_name": "T1072 - Software Deployment Tools" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1133", "name": "External Remote Services", "display_name": "T1133 - External Remote Services" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1567", "name": "Exfiltration Over Web Service", "display_name": "T1567 - Exfiltration Over Web Service" }, { "id": "T1572", "name": "Protocol Tunneling", "display_name": "T1572 - Protocol Tunneling" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "javilon69", "id": "198988", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6, "hostname": 3, "domain": 2 }, "indicator_count": 11, "is_author": false, "is_subscribing": null, "subscriber_count": 23, "modified_text": "1169 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://labs.inquest.net/iocdb", "230316.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Ransom:win32/lockbit" ], "industries": [], "unique_indicators": 3071 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/transfer.sh", "whois": "http://whois.domaintools.com/transfer.sh", "domain": "transfer.sh", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "64c8a3cf44bafd49321c7560", "name": "Lockbit 3.0 ransomware", "description": "LockBit 3.0 is a ransomware malware that was first seen in June 2022 and has since become a significant cybersecurity threat to organizations worldwide. It uses a hybrid encryption approach with AES and RSA encryption algorithms and is known for its complexity and evasiveness. LockBit 3.0 is being used by multiple ransomware threat actor groups, including the LockBit gang, which has been behind numerous attacks and is now accepting Zcash for payments.", "modified": "2023-08-31T06:03:08.740000", "created": "2023-08-01T06:18:55.716000", "tags": [ "sha256", "sha1" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Ransom:Win32/LockBit", "display_name": "Ransom:Win32/LockBit", "target": "/malware/Ransom:Win32/LockBit" } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 65, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "akhanafeer", "id": "195327", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4, "FileHash-MD5": 22, "FileHash-SHA1": 14, "FileHash-SHA256": 19, "domain": 159, "hostname": 4 }, "indicator_count": 222, "is_author": false, "is_subscribing": null, "subscriber_count": 73, "modified_text": "1006 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6413b1c5978906560c087536", "name": "InQuest - 16-03-2023", "description": "", "modified": "2023-04-16T00:00:00.756000", "created": "2023-03-17T00:18:13.443000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 172, "URL": 1359, "domain": 933, "hostname": 243, "FileHash-SHA1": 6, "FileHash-MD5": 15 }, "indicator_count": 2728, "is_author": false, "is_subscribing": null, "subscriber_count": 1625, "modified_text": "1143 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6418994861aa5b64e527855c", "name": "#StopRansomware: LockBit 3.0", "description": "taken from \nhttps://www.ic3.gov/Media/News/2023/230316.pdf\nMarch 16, 2023", "modified": "2023-03-20T17:35:04.664000", "created": "2023-03-20T17:35:04.664000", "tags": [], "references": [ "230316.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1072", "name": "Software Deployment Tools", "display_name": "T1072 - Software Deployment Tools" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1133", "name": "External Remote Services", "display_name": "T1133 - External Remote Services" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1567", "name": "Exfiltration Over Web Service", "display_name": "T1567 - Exfiltration Over Web Service" }, { "id": "T1572", "name": "Protocol Tunneling", "display_name": "T1572 - Protocol Tunneling" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "javilon69", "id": "198988", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6, "hostname": 3, "domain": 2 }, "indicator_count": 11, "is_author": false, "is_subscribing": null, "subscriber_count": 23, "modified_text": "1169 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://transfer.sh", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://transfer.sh", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780413271.9098423 }