{
  "type": "URL",
  "indicator": "https://vtaurl.com/IHytw",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://vtaurl.com/IHytw",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3459518644,
      "indicator": "https://vtaurl.com/IHytw",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "628e41bfc638713a4ae14eb1",
          "name": "PDF Malware Is Not Yet Dead",
          "description": "For the past decade, attackers have preferred to package malware in Microsoft Office file formats, particularly Word and Excel. In fact, in Q1 2022 nearly half (45%) of malware stopped by HP Wolf Security used Office formats. The reasons are clear: users are familiar with these file types, the applications used to open them are ubiquitous, and they are suited to social engineering lures.",
          "modified": "2022-05-25T14:48:30.494000",
          "created": "2022-05-25T14:48:30.494000",
          "tags": [
            "pdf document",
            "snake keylogger",
            "cve201711882"
          ],
          "references": [
            "https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Trojan:MSIL/SnakeKeylogger",
              "display_name": "Trojan:MSIL/SnakeKeylogger",
              "target": "/malware/Trojan:MSIL/SnakeKeylogger"
            }
          ],
          "attack_ids": [
            {
              "id": "T1137.001",
              "name": "Office Template Macros",
              "display_name": "T1137.001 - Office Template Macros"
            },
            {
              "id": "T1193",
              "name": "Spearphishing Attachment",
              "display_name": "T1193 - Spearphishing Attachment"
            },
            {
              "id": "T1068",
              "name": "Exploitation for Privilege Escalation",
              "display_name": "T1068 - Exploitation for Privilege Escalation"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 326,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 4,
            "CVE": 1,
            "FileHash-MD5": 4,
            "FileHash-SHA1": 4,
            "FileHash-SHA256": 6
          },
          "indicator_count": 19,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386520,
          "modified_text": "1466 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708f14e7a0c53e2a5cee85",
          "name": "157 CONEXIONES MALICIOSAS | CONEXION CON FILE SHA-256: 297f318975256c22e5069d714dd42753b78b0a23e24266b9b67feb7352942962",
          "description": "",
          "modified": "2023-12-06T15:11:16.594000",
          "created": "2023-12-06T15:11:16.594000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 46,
            "FileHash-MD5": 33,
            "FileHash-SHA1": 33,
            "URL": 3,
            "domain": 1,
            "hostname": 1
          },
          "indicator_count": 117,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "906 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "62926ab0fd45be55b7717576",
          "name": "157 CONEXIONES MALICIOSAS | CONEXION CON FILE SHA-256: 297f318975256c22e5069d714dd42753b78b0a23e24266b9b67feb7352942962",
          "description": "Estas 157 conexiones se pueden evidenciar en seguimiento virus total: https://www.virustotal.com/graph/embed/g92d7649b0aa240b393b3fd8265eb9015c5555c771b0444c8819799488d38230f, cabe se\u00f1alar que este se realiza a partir del indicador proporcionado por: threatresearch.ext.hp.com en aviso de OTX: https://otx.alienvault.com/pulse/628e41bfc638713a4ae14eb1, donde se relaciona este con actividad de SNAKE KEYLOGGER",
          "modified": "2022-06-27T00:04:33.529000",
          "created": "2022-05-28T18:32:16.091000",
          "tags": [],
          "references": [
            "https://www.virustotal.com/graph/embed/g92d7649b0aa240b393b3fd8265eb9015c5555c771b0444c8819799488d38230f",
            "https://otx.alienvault.com/pulse/628e41bfc638713a4ae14eb1",
            "https://www.alertasyseguridad.com/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Germany",
            "United Kingdom of Great Britain and Northern Ireland",
            "Colombia",
            "Argentina",
            "Brazil",
            "Canada",
            "Japan",
            "Zambia",
            "Poland",
            "Netherlands",
            "Chile",
            "Viet Nam",
            "Tanzania, United Republic of",
            "Kenya",
            "Czechia",
            "Estonia",
            "Mexico"
          ],
          "malware_families": [
            {
              "id": "SNAKE KEYLOGGER",
              "display_name": "SNAKE KEYLOGGER",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "esoporteingenieria2020",
            "id": "121604",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 3,
            "FileHash-MD5": 33,
            "FileHash-SHA1": 33,
            "FileHash-SHA256": 46,
            "domain": 1,
            "hostname": 1
          },
          "indicator_count": 117,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 266,
          "modified_text": "1434 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://otx.alienvault.com/pulse/628e41bfc638713a4ae14eb1",
        "https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/",
        "https://www.alertasyseguridad.com/",
        "https://www.virustotal.com/graph/embed/g92d7649b0aa240b393b3fd8265eb9015c5555c771b0444c8819799488d38230f"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [
            "Trojan:msil/snakekeylogger"
          ],
          "industries": [],
          "unique_indicators": 19
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Snake keylogger"
          ],
          "industries": [],
          "unique_indicators": 157
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/vtaurl.com",
    "whois": "http://whois.domaintools.com/vtaurl.com",
    "domain": "vtaurl.com",
    "hostname": "Unavailable"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "628e41bfc638713a4ae14eb1",
      "name": "PDF Malware Is Not Yet Dead",
      "description": "For the past decade, attackers have preferred to package malware in Microsoft Office file formats, particularly Word and Excel. In fact, in Q1 2022 nearly half (45%) of malware stopped by HP Wolf Security used Office formats. The reasons are clear: users are familiar with these file types, the applications used to open them are ubiquitous, and they are suited to social engineering lures.",
      "modified": "2022-05-25T14:48:30.494000",
      "created": "2022-05-25T14:48:30.494000",
      "tags": [
        "pdf document",
        "snake keylogger",
        "cve201711882"
      ],
      "references": [
        "https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Trojan:MSIL/SnakeKeylogger",
          "display_name": "Trojan:MSIL/SnakeKeylogger",
          "target": "/malware/Trojan:MSIL/SnakeKeylogger"
        }
      ],
      "attack_ids": [
        {
          "id": "T1137.001",
          "name": "Office Template Macros",
          "display_name": "T1137.001 - Office Template Macros"
        },
        {
          "id": "T1193",
          "name": "Spearphishing Attachment",
          "display_name": "T1193 - Spearphishing Attachment"
        },
        {
          "id": "T1068",
          "name": "Exploitation for Privilege Escalation",
          "display_name": "T1068 - Exploitation for Privilege Escalation"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 326,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 4,
        "CVE": 1,
        "FileHash-MD5": 4,
        "FileHash-SHA1": 4,
        "FileHash-SHA256": 6
      },
      "indicator_count": 19,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386520,
      "modified_text": "1466 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708f14e7a0c53e2a5cee85",
      "name": "157 CONEXIONES MALICIOSAS | CONEXION CON FILE SHA-256: 297f318975256c22e5069d714dd42753b78b0a23e24266b9b67feb7352942962",
      "description": "",
      "modified": "2023-12-06T15:11:16.594000",
      "created": "2023-12-06T15:11:16.594000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 46,
        "FileHash-MD5": 33,
        "FileHash-SHA1": 33,
        "URL": 3,
        "domain": 1,
        "hostname": 1
      },
      "indicator_count": 117,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "906 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "62926ab0fd45be55b7717576",
      "name": "157 CONEXIONES MALICIOSAS | CONEXION CON FILE SHA-256: 297f318975256c22e5069d714dd42753b78b0a23e24266b9b67feb7352942962",
      "description": "Estas 157 conexiones se pueden evidenciar en seguimiento virus total: https://www.virustotal.com/graph/embed/g92d7649b0aa240b393b3fd8265eb9015c5555c771b0444c8819799488d38230f, cabe se\u00f1alar que este se realiza a partir del indicador proporcionado por: threatresearch.ext.hp.com en aviso de OTX: https://otx.alienvault.com/pulse/628e41bfc638713a4ae14eb1, donde se relaciona este con actividad de SNAKE KEYLOGGER",
      "modified": "2022-06-27T00:04:33.529000",
      "created": "2022-05-28T18:32:16.091000",
      "tags": [],
      "references": [
        "https://www.virustotal.com/graph/embed/g92d7649b0aa240b393b3fd8265eb9015c5555c771b0444c8819799488d38230f",
        "https://otx.alienvault.com/pulse/628e41bfc638713a4ae14eb1",
        "https://www.alertasyseguridad.com/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Germany",
        "United Kingdom of Great Britain and Northern Ireland",
        "Colombia",
        "Argentina",
        "Brazil",
        "Canada",
        "Japan",
        "Zambia",
        "Poland",
        "Netherlands",
        "Chile",
        "Viet Nam",
        "Tanzania, United Republic of",
        "Kenya",
        "Czechia",
        "Estonia",
        "Mexico"
      ],
      "malware_families": [
        {
          "id": "SNAKE KEYLOGGER",
          "display_name": "SNAKE KEYLOGGER",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "esoporteingenieria2020",
        "id": "121604",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 3,
        "FileHash-MD5": 33,
        "FileHash-SHA1": 33,
        "FileHash-SHA256": 46,
        "domain": 1,
        "hostname": 1
      },
      "indicator_count": 117,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 266,
      "modified_text": "1434 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://vtaurl.com/IHytw",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://vtaurl.com/IHytw",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780226204.0944371
}