{ "type": "Domain", "indicator": "icepapers.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/icepapers.com", "alexa": "http://www.alexa.com/siteinfo/icepapers.com", "indicator": "icepapers.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3566773758, "indicator": "icepapers.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "655875976e053dcf96260bde", "name": "Seychelles, Seychelles, on the C(2) Shore", "description": "A bulletproof hosting provider registered in the Republic of Seychelles is associated with multiple malicious campaigns, including ransomware and crypto miners, according to research carried out by the S2 Research Team.", "modified": "2023-12-18T08:03:59.446000", "created": "2023-11-18T08:28:07.134000", "tags": [ "eliteteam", "seychelles", "c2 server", "as51381", "redline stealer", "amadey c2", "august", "mrssoprano666", "fidelity", "limited", "february", "amadey", "june", "virustotal", "smokeloader", "alex", "april", "recordbreaker", "telecom", "djvu", "v2", "threatfox", "et", "stage download", "traffic inbound" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Seychelles", "Brazil", "India", "South Africa" ], "malware_families": [ { "id": "Smokeloader", "display_name": "Smokeloader", "target": null }, { "id": "Djvu", "display_name": "Djvu", "target": null }, { "id": "V2", "display_name": "V2", "target": null }, { "id": "ThreatFox", "display_name": "ThreatFox", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Stage Download", "display_name": "Stage Download", "target": null }, { "id": "Traffic Inbound", "display_name": "Traffic Inbound", "target": null }, { "id": "Amadey", "display_name": "Amadey", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ghitansilviu@gmail.com", "id": "177478", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 1, "CVE": 1, "FileHash-MD5": 7, "FileHash-SHA1": 6, "FileHash-SHA256": 19, "URL": 4, "domain": 15, "hostname": 1 }, "indicator_count": 54, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "895 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "633ee7153a2c5ad74ce94138", "name": "EliteTeam Bulletproof Hosting - malicious sites and CIDR block", "description": "IOCs from https://www.team-cymru.com/post/seychelles-seychelles-on-the-c-2-shore\nELITETEAM\n\u201c1337TEAM LIMITED\u201d: AS39770, AS60424, AS56873, and AS51381, but mainly operates from AS51381, which is associated with netblock 185.215.113.0/24.", "modified": "2022-11-05T14:03:58.709000", "created": "2022-10-06T14:32:53.663000", "tags": [ "BulletProof Hosting", "ELITETEAM", "Redline", "Smokeloader", "Amadey", "Phishing", "Raccoon Stealer" ], "references": [ "EliteTeam bulletproof hosting.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Techronik", "id": "114546", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "CIDR": 1, "hostname": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "1303 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "EliteTeam bulletproof hosting.csv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Smokeloader", "Traffic inbound", "V2", "Threatfox", "Djvu", "Et", "Stage download", "Amadey" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "655875976e053dcf96260bde", "name": "Seychelles, Seychelles, on the C(2) Shore", "description": "A bulletproof hosting provider registered in the Republic of Seychelles is associated with multiple malicious campaigns, including ransomware and crypto miners, according to research carried out by the S2 Research Team.", "modified": "2023-12-18T08:03:59.446000", "created": "2023-11-18T08:28:07.134000", "tags": [ "eliteteam", "seychelles", "c2 server", "as51381", "redline stealer", "amadey c2", "august", "mrssoprano666", "fidelity", "limited", "february", "amadey", "june", "virustotal", "smokeloader", "alex", "april", "recordbreaker", "telecom", "djvu", "v2", "threatfox", "et", "stage download", "traffic inbound" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Seychelles", "Brazil", "India", "South Africa" ], "malware_families": [ { "id": "Smokeloader", "display_name": "Smokeloader", "target": null }, { "id": "Djvu", "display_name": "Djvu", "target": null }, { "id": "V2", "display_name": "V2", "target": null }, { "id": "ThreatFox", "display_name": "ThreatFox", "target": null }, { "id": "ET", "display_name": "ET", "target": null }, { "id": "Stage Download", "display_name": "Stage Download", "target": null }, { "id": "Traffic Inbound", "display_name": "Traffic Inbound", "target": null }, { "id": "Amadey", "display_name": "Amadey", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ghitansilviu@gmail.com", "id": "177478", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 1, "CVE": 1, "FileHash-MD5": 7, "FileHash-SHA1": 6, "FileHash-SHA256": 19, "URL": 4, "domain": 15, "hostname": 1 }, "indicator_count": 54, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "895 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "633ee7153a2c5ad74ce94138", "name": "EliteTeam Bulletproof Hosting - malicious sites and CIDR block", "description": "IOCs from https://www.team-cymru.com/post/seychelles-seychelles-on-the-c-2-shore\nELITETEAM\n\u201c1337TEAM LIMITED\u201d: AS39770, AS60424, AS56873, and AS51381, but mainly operates from AS51381, which is associated with netblock 185.215.113.0/24.", "modified": "2022-11-05T14:03:58.709000", "created": "2022-10-06T14:32:53.663000", "tags": [ "BulletProof Hosting", "ELITETEAM", "Redline", "Smokeloader", "Amadey", "Phishing", "Raccoon Stealer" ], "references": [ "EliteTeam bulletproof hosting.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Techronik", "id": "114546", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "CIDR": 1, "hostname": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "1303 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "icepapers.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "icepapers.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780237402.3713064 }