{
  "type": "Domain",
  "indicator": "imtoken.net.im",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/imtoken.net.im",
    "alexa": "http://www.alexa.com/siteinfo/imtoken.net.im",
    "indicator": "imtoken.net.im",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3407385065,
      "indicator": "imtoken.net.im",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 8,
      "pulses": [
        {
          "id": "6244300fee718397c862a21e",
          "name": "Crypto malware in patched wallets targeting Android and iOS devices",
          "description": "ESET Research has uncovered a sophisticated scheme that distributes malware posing as popular cryptocurrency wallets on social media and on the messaging service Telegram. the first time we have seen such a scheme.",
          "modified": "2022-04-29T00:05:19.794000",
          "created": "2022-03-30T10:25:18.440000",
          "tags": [
            "android",
            "ios",
            "cryptocurrency theft"
          ],
          "references": [
            "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "China"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1417",
              "name": "Input Capture",
              "display_name": "T1417 - Input Capture"
            },
            {
              "id": "T1437",
              "name": "Standard Application Layer Protocol",
              "display_name": "T1437 - Standard Application Layer Protocol"
            },
            {
              "id": "T1444",
              "name": "Masquerade as Legitimate Application",
              "display_name": "T1444 - Masquerade as Legitimate Application"
            },
            {
              "id": "T1475",
              "name": "Deliver Malicious App via Authorized App Store",
              "display_name": "T1475 - Deliver Malicious App via Authorized App Store"
            },
            {
              "id": "T1478",
              "name": "Install Insecure or Malicious Configuration",
              "display_name": "T1478 - Install Insecure or Malicious Configuration"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 274,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 23,
            "FileHash-MD5": 39,
            "FileHash-SHA1": 39,
            "FileHash-SHA256": 39,
            "URL": 2,
            "domain": 52
          },
          "indicator_count": 194,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386499,
          "modified_text": "1493 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62c7fb0f8ab654b1c8ebb621",
          "name": "jintingtingtesttest",
          "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-",
          "modified": "2022-08-07T00:05:43.824000",
          "created": "2022-07-08T09:38:23.587000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "jtt12345",
            "id": "194112",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 4268,
            "URL": 101,
            "FileHash-MD5": 13,
            "FileHash-SHA256": 1,
            "domain": 283
          },
          "indicator_count": 4666,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "1393 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62c7fb0ff1ead7d85fad5e43",
          "name": "jintingtingtesttest",
          "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-",
          "modified": "2022-08-07T00:05:43.824000",
          "created": "2022-07-08T09:38:23.273000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "jtt12345",
            "id": "194112",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 4268,
            "URL": 101,
            "FileHash-MD5": 13,
            "FileHash-SHA256": 1,
            "domain": 283
          },
          "indicator_count": 4666,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "1393 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62c7fb128e18ef22262d95d0",
          "name": "jintingtingtesttest",
          "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-",
          "modified": "2022-08-07T00:05:43.824000",
          "created": "2022-07-08T09:38:26.026000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "jtt12345",
            "id": "194112",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 4268,
            "URL": 101,
            "FileHash-MD5": 13,
            "FileHash-SHA256": 1,
            "domain": 283
          },
          "indicator_count": 4666,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "1393 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "624306bfccefe8144d582265",
          "name": "Crypto malware in patched wallets targeting Android and iOS devices | WeLiveSecurity",
          "description": "ESET Research has uncovered a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets, mainly targeting Chinese users, and is likely to spread to other markets, such as China.",
          "modified": "2022-04-28T00:00:15.198000",
          "created": "2022-03-29T13:16:47.856000",
          "tags": [
            "amalicious",
            "distribution",
            "jaxx liberty",
            "android",
            "google play",
            "telegram",
            "trust wallet",
            "app store",
            "eset research",
            "metamask",
            "bitpie",
            "facebook",
            "alliance",
            "patched",
            "general"
          ],
          "references": [
            "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "China"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1417",
              "name": "Input Capture",
              "display_name": "T1417 - Input Capture"
            },
            {
              "id": "T1437",
              "name": "Standard Application Layer Protocol",
              "display_name": "T1437 - Standard Application Layer Protocol"
            },
            {
              "id": "T1444",
              "name": "Masquerade as Legitimate Application",
              "display_name": "T1444 - Masquerade as Legitimate Application"
            },
            {
              "id": "T1475",
              "name": "Deliver Malicious App via Authorized App Store",
              "display_name": "T1475 - Deliver Malicious App via Authorized App Store"
            },
            {
              "id": "T1478",
              "name": "Install Insecure or Malicious Configuration",
              "display_name": "T1478 - Install Insecure or Malicious Configuration"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "manuelzepeda",
            "id": "102853",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 39,
            "FileHash-SHA1": 39,
            "FileHash-SHA256": 39,
            "URL": 2,
            "domain": 52,
            "hostname": 19
          },
          "indicator_count": 190,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 60,
          "modified_text": "1494 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "623d64c8570cddcbd2a8d4f0",
          "name": "Crypto malware in patched wallets targeting Android and iOS devices | WeLiveSecurity",
          "description": "ESET Research has uncovered a sophisticated scheme that distributes trojanized Android and iOS apps posing as cryptocurrency wallets, which it believes could be used to steal users\u2019 funds. and is mainly targeting Chinese users.",
          "modified": "2022-04-24T00:01:15.470000",
          "created": "2022-03-25T06:44:24.575000",
          "tags": [
            "distribution",
            "jaxx liberty",
            "android",
            "google play",
            "telegram",
            "trust wallet",
            "app store",
            "eset research",
            "metamask",
            "bitpie",
            "facebook",
            "alliance",
            "patched",
            "general",
            "panda"
          ],
          "references": [
            "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "China"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1417",
              "name": "Input Capture",
              "display_name": "T1417 - Input Capture"
            },
            {
              "id": "T1437",
              "name": "Standard Application Layer Protocol",
              "display_name": "T1437 - Standard Application Layer Protocol"
            },
            {
              "id": "T1444",
              "name": "Masquerade as Legitimate Application",
              "display_name": "T1444 - Masquerade as Legitimate Application"
            },
            {
              "id": "T1475",
              "name": "Deliver Malicious App via Authorized App Store",
              "display_name": "T1475 - Deliver Malicious App via Authorized App Store"
            },
            {
              "id": "T1478",
              "name": "Install Insecure or Malicious Configuration",
              "display_name": "T1478 - Install Insecure or Malicious Configuration"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mohdrennis",
            "id": "138092",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 39,
            "FileHash-SHA1": 39,
            "FileHash-SHA256": 39,
            "URL": 2,
            "domain": 52,
            "hostname": 19
          },
          "indicator_count": 190,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 356,
          "modified_text": "1498 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "623de82ff2a59ca425a5d9ea",
          "name": "Crypto malware in patched wallets targeting Android and iOS devices | WeLiveSecurity",
          "description": "ESET Research has uncovered a sophisticated scheme that distributes trojanized Android and iOS apps posing as cryptocurrency wallets, which it believes could be used to steal users\u2019 funds. and is mainly targeting Chinese users.",
          "modified": "2022-04-24T00:01:15.470000",
          "created": "2022-03-25T16:05:03.626000",
          "tags": [
            "distribution",
            "jaxx liberty",
            "android",
            "google play",
            "telegram",
            "trust wallet",
            "app store",
            "eset research",
            "metamask",
            "bitpie",
            "facebook",
            "alliance",
            "patched",
            "general",
            "panda"
          ],
          "references": [
            "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "China"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1417",
              "name": "Input Capture",
              "display_name": "T1417 - Input Capture"
            },
            {
              "id": "T1437",
              "name": "Standard Application Layer Protocol",
              "display_name": "T1437 - Standard Application Layer Protocol"
            },
            {
              "id": "T1444",
              "name": "Masquerade as Legitimate Application",
              "display_name": "T1444 - Masquerade as Legitimate Application"
            },
            {
              "id": "T1475",
              "name": "Deliver Malicious App via Authorized App Store",
              "display_name": "T1475 - Deliver Malicious App via Authorized App Store"
            },
            {
              "id": "T1478",
              "name": "Install Insecure or Malicious Configuration",
              "display_name": "T1478 - Install Insecure or Malicious Configuration"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 39,
            "FileHash-SHA1": 39,
            "FileHash-SHA256": 39,
            "URL": 2,
            "domain": 52,
            "hostname": 19
          },
          "indicator_count": 190,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 864,
          "modified_text": "1498 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "623dea44af1f69b8d738710e",
          "name": "An Investigation of Cryptocurrency Scams and Schemes",
          "description": "The full list of names and names of the people who have signed up to take part in the 2016 Olympics and Paralympics in Rio de Janeiro has been revealed. \u00a31.3bn",
          "modified": "2022-04-24T00:01:15.470000",
          "created": "2022-03-25T16:13:56.244000",
          "tags": [
            "fake",
            "fake bitpie",
            "fake metamask",
            "fake trust",
            "wallet",
            "ios sha256",
            "token",
            "inject",
            "iocs",
            "domain"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/22/c/an-investigation-of-cryptocurrency-scams-and-schemes.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 37,
            "domain": 30,
            "URL": 59,
            "FileHash-MD5": 24,
            "FileHash-SHA1": 24,
            "FileHash-SHA256": 249
          },
          "indicator_count": 423,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 864,
          "modified_text": "1498 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/",
        "https://www.trendmicro.com/en_us/research/22/c/an-investigation-of-cryptocurrency-scams-and-schemes.html"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 8,
  "pulses": [
    {
      "id": "6244300fee718397c862a21e",
      "name": "Crypto malware in patched wallets targeting Android and iOS devices",
      "description": "ESET Research has uncovered a sophisticated scheme that distributes malware posing as popular cryptocurrency wallets on social media and on the messaging service Telegram. the first time we have seen such a scheme.",
      "modified": "2022-04-29T00:05:19.794000",
      "created": "2022-03-30T10:25:18.440000",
      "tags": [
        "android",
        "ios",
        "cryptocurrency theft"
      ],
      "references": [
        "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "China"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1417",
          "name": "Input Capture",
          "display_name": "T1417 - Input Capture"
        },
        {
          "id": "T1437",
          "name": "Standard Application Layer Protocol",
          "display_name": "T1437 - Standard Application Layer Protocol"
        },
        {
          "id": "T1444",
          "name": "Masquerade as Legitimate Application",
          "display_name": "T1444 - Masquerade as Legitimate Application"
        },
        {
          "id": "T1475",
          "name": "Deliver Malicious App via Authorized App Store",
          "display_name": "T1475 - Deliver Malicious App via Authorized App Store"
        },
        {
          "id": "T1478",
          "name": "Install Insecure or Malicious Configuration",
          "display_name": "T1478 - Install Insecure or Malicious Configuration"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 274,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 23,
        "FileHash-MD5": 39,
        "FileHash-SHA1": 39,
        "FileHash-SHA256": 39,
        "URL": 2,
        "domain": 52
      },
      "indicator_count": 194,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386499,
      "modified_text": "1493 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62c7fb0f8ab654b1c8ebb621",
      "name": "jintingtingtesttest",
      "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-",
      "modified": "2022-08-07T00:05:43.824000",
      "created": "2022-07-08T09:38:23.587000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "jtt12345",
        "id": "194112",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 4268,
        "URL": 101,
        "FileHash-MD5": 13,
        "FileHash-SHA256": 1,
        "domain": 283
      },
      "indicator_count": 4666,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "1393 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62c7fb0ff1ead7d85fad5e43",
      "name": "jintingtingtesttest",
      "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-",
      "modified": "2022-08-07T00:05:43.824000",
      "created": "2022-07-08T09:38:23.273000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "jtt12345",
        "id": "194112",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 4268,
        "URL": 101,
        "FileHash-MD5": 13,
        "FileHash-SHA256": 1,
        "domain": 283
      },
      "indicator_count": 4666,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "1393 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62c7fb128e18ef22262d95d0",
      "name": "jintingtingtesttest",
      "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-",
      "modified": "2022-08-07T00:05:43.824000",
      "created": "2022-07-08T09:38:26.026000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "jtt12345",
        "id": "194112",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 4268,
        "URL": 101,
        "FileHash-MD5": 13,
        "FileHash-SHA256": 1,
        "domain": 283
      },
      "indicator_count": 4666,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "1393 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "624306bfccefe8144d582265",
      "name": "Crypto malware in patched wallets targeting Android and iOS devices | WeLiveSecurity",
      "description": "ESET Research has uncovered a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets, mainly targeting Chinese users, and is likely to spread to other markets, such as China.",
      "modified": "2022-04-28T00:00:15.198000",
      "created": "2022-03-29T13:16:47.856000",
      "tags": [
        "amalicious",
        "distribution",
        "jaxx liberty",
        "android",
        "google play",
        "telegram",
        "trust wallet",
        "app store",
        "eset research",
        "metamask",
        "bitpie",
        "facebook",
        "alliance",
        "patched",
        "general"
      ],
      "references": [
        "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "China"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1417",
          "name": "Input Capture",
          "display_name": "T1417 - Input Capture"
        },
        {
          "id": "T1437",
          "name": "Standard Application Layer Protocol",
          "display_name": "T1437 - Standard Application Layer Protocol"
        },
        {
          "id": "T1444",
          "name": "Masquerade as Legitimate Application",
          "display_name": "T1444 - Masquerade as Legitimate Application"
        },
        {
          "id": "T1475",
          "name": "Deliver Malicious App via Authorized App Store",
          "display_name": "T1475 - Deliver Malicious App via Authorized App Store"
        },
        {
          "id": "T1478",
          "name": "Install Insecure or Malicious Configuration",
          "display_name": "T1478 - Install Insecure or Malicious Configuration"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "manuelzepeda",
        "id": "102853",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 39,
        "FileHash-SHA1": 39,
        "FileHash-SHA256": 39,
        "URL": 2,
        "domain": 52,
        "hostname": 19
      },
      "indicator_count": 190,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 60,
      "modified_text": "1494 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "623d64c8570cddcbd2a8d4f0",
      "name": "Crypto malware in patched wallets targeting Android and iOS devices | WeLiveSecurity",
      "description": "ESET Research has uncovered a sophisticated scheme that distributes trojanized Android and iOS apps posing as cryptocurrency wallets, which it believes could be used to steal users\u2019 funds, and is mainly targeting Chinese users.",
      "modified": "2022-04-24T00:01:15.470000",
      "created": "2022-03-25T06:44:24.575000",
      "tags": [
        "distribution",
        "jaxx liberty",
        "android",
        "google play",
        "telegram",
        "trust wallet",
        "app store",
        "eset research",
        "metamask",
        "bitpie",
        "facebook",
        "alliance",
        "patched",
        "general",
        "panda"
      ],
      "references": [
        "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "China"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1417",
          "name": "Input Capture",
          "display_name": "T1417 - Input Capture"
        },
        {
          "id": "T1437",
          "name": "Standard Application Layer Protocol",
          "display_name": "T1437 - Standard Application Layer Protocol"
        },
        {
          "id": "T1444",
          "name": "Masquerade as Legitimate Application",
          "display_name": "T1444 - Masquerade as Legitimate Application"
        },
        {
          "id": "T1475",
          "name": "Deliver Malicious App via Authorized App Store",
          "display_name": "T1475 - Deliver Malicious App via Authorized App Store"
        },
        {
          "id": "T1478",
          "name": "Install Insecure or Malicious Configuration",
          "display_name": "T1478 - Install Insecure or Malicious Configuration"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "mohdrennis",
        "id": "138092",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 39,
        "FileHash-SHA1": 39,
        "FileHash-SHA256": 39,
        "URL": 2,
        "domain": 52,
        "hostname": 19
      },
      "indicator_count": 190,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 356,
      "modified_text": "1498 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "623de82ff2a59ca425a5d9ea",
      "name": "Crypto malware in patched wallets targeting Android and iOS devices | WeLiveSecurity",
      "description": "ESET Research has uncovered a sophisticated scheme that distributes trojanized Android and iOS apps posing as cryptocurrency wallets, which it believes could be used to steal users\u2019 funds, and is mainly targeting Chinese users.",
      "modified": "2022-04-24T00:01:15.470000",
      "created": "2022-03-25T16:05:03.626000",
      "tags": [
        "distribution",
        "jaxx liberty",
        "android",
        "google play",
        "telegram",
        "trust wallet",
        "app store",
        "eset research",
        "metamask",
        "bitpie",
        "facebook",
        "alliance",
        "patched",
        "general",
        "panda"
      ],
      "references": [
        "https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "China"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1417",
          "name": "Input Capture",
          "display_name": "T1417 - Input Capture"
        },
        {
          "id": "T1437",
          "name": "Standard Application Layer Protocol",
          "display_name": "T1437 - Standard Application Layer Protocol"
        },
        {
          "id": "T1444",
          "name": "Masquerade as Legitimate Application",
          "display_name": "T1444 - Masquerade as Legitimate Application"
        },
        {
          "id": "T1475",
          "name": "Deliver Malicious App via Authorized App Store",
          "display_name": "T1475 - Deliver Malicious App via Authorized App Store"
        },
        {
          "id": "T1478",
          "name": "Install Insecure or Malicious Configuration",
          "display_name": "T1478 - Install Insecure or Malicious Configuration"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 39,
        "FileHash-SHA1": 39,
        "FileHash-SHA256": 39,
        "URL": 2,
        "domain": 52,
        "hostname": 19
      },
      "indicator_count": 190,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 864,
      "modified_text": "1498 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "623dea44af1f69b8d738710e",
      "name": "An Investigation of Cryptocurrency Scams and Schemes",
      "description": "The full list of names and names of the people who have signed up to take part in the 2016 Olympics and Paralympics in Rio de Janeiro has been revealed. \u00a31.3bn",
      "modified": "2022-04-24T00:01:15.470000",
      "created": "2022-03-25T16:13:56.244000",
      "tags": [
        "fake",
        "fake bitpie",
        "fake metamask",
        "fake trust",
        "wallet",
        "ios sha256",
        "token",
        "inject",
        "iocs",
        "domain"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/22/c/an-investigation-of-cryptocurrency-scams-and-schemes.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 37,
        "domain": 30,
        "URL": 59,
        "FileHash-MD5": 24,
        "FileHash-SHA1": 24,
        "FileHash-SHA256": 249
      },
      "indicator_count": 423,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 864,
      "modified_text": "1498 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "imtoken.net.im",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "imtoken.net.im",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780214902.0503864
}