{ "type": "URL", "indicator": "https://www.hpupdate.net/us-en/drivers/printers", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.hpupdate.net/us-en/drivers/printers", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3901101258, "indicator": "https://www.hpupdate.net/us-en/drivers/printers", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "66616b89c93e2fdea5783ecf", "name": "Operation Crimson Palace: A Technical Deep Dive", "description": "Sophos Managed Detection and Response initiated a threat hunt across customers after detecting abuse of a vulnerable VMware executable. The hunt uncovered a complex, persistent cyberespionage campaign by Chinese state-sponsored actors targeting a high-profile government organization in Southeast Asia. Three distinct clusters of intrusion activity, designated Alpha, Bravo, and Charlie, were identified operating from at least March to December 2023. This report provides an in-depth technical analysis of the tactics, techniques, and procedures used by each cluster, including credential access, lateral movement, persistence mechanisms, command and control infrastructure, defense evasion tactics, and data exfiltration methods. It also details previous compromises observed within the same organization dating back to early 2022.", "modified": "2024-07-06T07:03:30.324000", "created": "2024-06-06T07:55:53.329000", "tags": [ "cobalt strike", "cyberespionage", "powheartbeat", "credential access", "pocoproxy", "intrusion", "malware", "rudebird", "phantomnet", "ccoredoor", "eagerbee", "lateral movement", "impersoni-fake-ator", "nupakage" ], "references": [ "https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-a-technical-deep-dive/", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1248-alpha.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1870_bravo.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1305_charlie.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_prior_intrusions.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_post-08-2023.csv" ], "public": 1, "adversary": "Chinese state actors", "targeted_countries": [], "malware_families": [ { "id": "NUPAKAGE", "display_name": "NUPAKAGE", "target": null }, { "id": "EAGERBEE", "display_name": "EAGERBEE", "target": null }, { "id": "CCoreDoor", "display_name": "CCoreDoor", "target": null }, { "id": "PhantomNet", "display_name": "PhantomNet", "target": null }, { "id": "PowHeartBeat", "display_name": "PowHeartBeat", "target": null }, { "id": "RUDEBIRD", "display_name": "RUDEBIRD", "target": null }, { "id": "Impersoni-Fake-Ator", "display_name": "Impersoni-Fake-Ator", "target": null }, { "id": "PocoProxy", "display_name": "PocoProxy", "target": null }, { "id": "Cobalt Strike - S0154", "display_name": "Cobalt Strike - S0154", "target": null } ], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1207", "name": "Rogue Domain Controller", "display_name": "T1207 - Rogue Domain Controller" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 372, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 2, "domain": 8, "hostname": 11, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 82 }, "indicator_count": 127, "is_author": false, "is_subscribing": null, "subscriber_count": 386950, "modified_text": "696 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66e7b012fa10fcca2774bf64", "name": "China-based cyber espionage campaign in SE Asia is expanding, says Sophos", "description": "According to cybersecurity company Sophos, a suspected China-based cyber espionage campaign called \"Operation Crimson Palace\"\nis expanding its operations to additional countries. The campaign began in 2023 and is made up of three attack groups whose activity\nis managed by China's Ministry of State Security. The group's activity ceased in August 2023, but has recently resumed using a\npreviously undocumented keylogger. The group uses open-source tools like Cobalt Strike (for command and control [C2 or C&C]),\nSharpHound (for reconnaissance), Impacket (for lateral movement), Donut (a shellcode loader), Cloudflare tunnel (also for C2 work),", "modified": "2024-10-16T04:01:12.862000", "created": "2024-09-16T04:12:02.372000", "tags": [ "clusters", "APT15", "UNC5330", "UNC2063", "ChamelGang", "Unfading Seahaze", "Red Delta", "Cluster Charlie", "APT32." ], "references": [ "https://news.sophos.com/en-us/2024/09/09/crimson-palace-new-tools-tactics-targets/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 8, "FileHash-SHA256": 8, "URL": 1, "domain": 6, "hostname": 3 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 188, "modified_text": "594 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666157618a2fa421c929b33e", "name": "Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government", "description": "MOBPOPUP.dll (CSC) has been found to be the source of a malicious DLL, which can be found in Microsoft's operating system, on the second day of the Windows Store.", "modified": "2024-07-06T06:00:23.162000", "created": "2024-06-06T06:29:53.356000", "tags": [ "phantomnet c2", "phantomnet", "eagerbee", "rudebird c2", "eagerbee c2", "powheartbeat c2", "vbs script", "pocoproxy", "cobalt strike", "custom", "stowaway", "nupakage", "malicious dll" ], "references": [ "https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 83, "domain": 6, "hostname": 9, "URL": 1 }, "indicator_count": 125, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "696 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "667a592982de3cea35ce3500", "name": "Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government", "description": "", "modified": "2024-07-06T06:00:23.162000", "created": "2024-06-25T05:44:09.410000", "tags": [ "phantomnet c2", "phantomnet", "eagerbee", "rudebird c2", "eagerbee c2", "powheartbeat c2", "vbs script", "pocoproxy", "cobalt strike", "custom", "stowaway", "nupakage", "malicious dll" ], "references": [ "https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "666157618a2fa421c929b33e", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 83, "domain": 6, "hostname": 9, "URL": 1 }, "indicator_count": 125, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "696 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_post-08-2023.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_prior_intrusions.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1248-alpha.csv", "https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-a-technical-deep-dive/", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1870_bravo.csv", "https://news.sophos.com/en-us/2024/09/09/crimson-palace-new-tools-tactics-targets/", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1305_charlie.csv" ], "related": { "alienvault": { "adversary": [ "Chinese state actors" ], "malware_families": [ "Phantomnet", "Impersoni-fake-ator", "Eagerbee", "Pocoproxy", "Cobalt strike - s0154", "Ccoredoor", "Rudebird", "Nupakage", "Powheartbeat" ], "industries": [ "Government" ], "unique_indicators": 162 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 177 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/hpupdate.net", "whois": "http://whois.domaintools.com/hpupdate.net", "domain": "hpupdate.net", "hostname": "www.hpupdate.net" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "66616b89c93e2fdea5783ecf", "name": "Operation Crimson Palace: A Technical Deep Dive", "description": "Sophos Managed Detection and Response initiated a threat hunt across customers after detecting abuse of a vulnerable VMware executable. The hunt uncovered a complex, persistent cyberespionage campaign by Chinese state-sponsored actors targeting a high-profile government organization in Southeast Asia. Three distinct clusters of intrusion activity, designated Alpha, Bravo, and Charlie, were identified operating from at least March to December 2023. This report provides an in-depth technical analysis of the tactics, techniques, and procedures used by each cluster, including credential access, lateral movement, persistence mechanisms, command and control infrastructure, defense evasion tactics, and data exfiltration methods. It also details previous compromises observed within the same organization dating back to early 2022.", "modified": "2024-07-06T07:03:30.324000", "created": "2024-06-06T07:55:53.329000", "tags": [ "cobalt strike", "cyberespionage", "powheartbeat", "credential access", "pocoproxy", "intrusion", "malware", "rudebird", "phantomnet", "ccoredoor", "eagerbee", "lateral movement", "impersoni-fake-ator", "nupakage" ], "references": [ "https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-a-technical-deep-dive/", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1248-alpha.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1870_bravo.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_stac1305_charlie.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_prior_intrusions.csv", "https://raw.githubusercontent.com/sophoslabs/IoCs/master/crimson_palace_post-08-2023.csv" ], "public": 1, "adversary": "Chinese state actors", "targeted_countries": [], "malware_families": [ { "id": "NUPAKAGE", "display_name": "NUPAKAGE", "target": null }, { "id": "EAGERBEE", "display_name": "EAGERBEE", "target": null }, { "id": "CCoreDoor", "display_name": "CCoreDoor", "target": null }, { "id": "PhantomNet", "display_name": "PhantomNet", "target": null }, { "id": "PowHeartBeat", "display_name": "PowHeartBeat", "target": null }, { "id": "RUDEBIRD", "display_name": "RUDEBIRD", "target": null }, { "id": "Impersoni-Fake-Ator", "display_name": "Impersoni-Fake-Ator", "target": null }, { "id": "PocoProxy", "display_name": "PocoProxy", "target": null }, { "id": "Cobalt Strike - S0154", "display_name": "Cobalt Strike - S0154", "target": null } ], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1207", "name": "Rogue Domain Controller", "display_name": "T1207 - Rogue Domain Controller" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 372, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 2, "domain": 8, "hostname": 11, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 82 }, "indicator_count": 127, "is_author": false, "is_subscribing": null, "subscriber_count": 386950, "modified_text": "696 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66e7b012fa10fcca2774bf64", "name": "China-based cyber espionage campaign in SE Asia is expanding, says Sophos", "description": "According to cybersecurity company Sophos, a suspected China-based cyber espionage campaign called \"Operation Crimson Palace\"\nis expanding its operations to additional countries. The campaign began in 2023 and is made up of three attack groups whose activity\nis managed by China's Ministry of State Security. The group's activity ceased in August 2023, but has recently resumed using a\npreviously undocumented keylogger. The group uses open-source tools like Cobalt Strike (for command and control [C2 or C&C]),\nSharpHound (for reconnaissance), Impacket (for lateral movement), Donut (a shellcode loader), Cloudflare tunnel (also for C2 work),", "modified": "2024-10-16T04:01:12.862000", "created": "2024-09-16T04:12:02.372000", "tags": [ "clusters", "APT15", "UNC5330", "UNC2063", "ChamelGang", "Unfading Seahaze", "Red Delta", "Cluster Charlie", "APT32." ], "references": [ "https://news.sophos.com/en-us/2024/09/09/crimson-palace-new-tools-tactics-targets/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 8, "FileHash-SHA256": 8, "URL": 1, "domain": 6, "hostname": 3 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 188, "modified_text": "594 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666157618a2fa421c929b33e", "name": "Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government", "description": "MOBPOPUP.dll (CSC) has been found to be the source of a malicious DLL, which can be found in Microsoft's operating system, on the second day of the Windows Store.", "modified": "2024-07-06T06:00:23.162000", "created": "2024-06-06T06:29:53.356000", "tags": [ "phantomnet c2", "phantomnet", "eagerbee", "rudebird c2", "eagerbee c2", "powheartbeat c2", "vbs script", "pocoproxy", "cobalt strike", "custom", "stowaway", "nupakage", "malicious dll" ], "references": [ "https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 83, "domain": 6, "hostname": 9, "URL": 1 }, "indicator_count": 125, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "696 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "667a592982de3cea35ce3500", "name": "Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government", "description": "", "modified": "2024-07-06T06:00:23.162000", "created": "2024-06-25T05:44:09.410000", "tags": [ "phantomnet c2", "phantomnet", "eagerbee", "rudebird c2", "eagerbee c2", "powheartbeat c2", "vbs script", "pocoproxy", "cobalt strike", "custom", "stowaway", "nupakage", "malicious dll" ], "references": [ "https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "666157618a2fa421c929b33e", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 83, "domain": 6, "hostname": 9, "URL": 1 }, "indicator_count": 125, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "696 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.hpupdate.net/us-en/drivers/printers", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.hpupdate.net/us-en/drivers/printers", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780429383.3620262 }