{ "type": "Domain", "indicator": "internet.com.br", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/internet.com.br", "alexa": "http://www.alexa.com/siteinfo/internet.com.br", "indicator": "internet.com.br", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4042828092, "indicator": "internet.com.br", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "67c6d94d3b0f65be3f6b60e1", "name": "Threat Intel Report - W07-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:43:25.849000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "south africa", "mozi lin", "germany", "greed mi", "greed mirai", "blacklist host", "indonesia", "asyncrat", "agent tesla", "police", "malware", "date", "jaff", "mylobot", "paraguay", "ukraine", "remcos", "february", "steam", "lumma", "finaldraft", "vidar", "ra world", "mirai" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Russian Federation", "China", "United States of America" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "FinalDraft", "display_name": "FinalDraft", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "RA World", "display_name": "RA World", "target": null }, { "id": "mirai", "display_name": "mirai", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Telecoms", "Cryptocurrency", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 189, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 18, "CVE": 1, "domain": 52, "hostname": 123 }, "indicator_count": 409, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "424 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Finaldraft", "Vidar", "Ra world", "Lumma", "Mirai" ], "industries": [ "Telecoms", "Telecommunications", "Cryptocurrency" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "67c6d94d3b0f65be3f6b60e1", "name": "Threat Intel Report - W07-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:43:25.849000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "south africa", "mozi lin", "germany", "greed mi", "greed mirai", "blacklist host", "indonesia", "asyncrat", "agent tesla", "police", "malware", "date", "jaff", "mylobot", "paraguay", "ukraine", "remcos", "february", "steam", "lumma", "finaldraft", "vidar", "ra world", "mirai" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Russian Federation", "China", "United States of America" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "FinalDraft", "display_name": "FinalDraft", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "RA World", "display_name": "RA World", "target": null }, { "id": "mirai", "display_name": "mirai", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Telecoms", "Cryptocurrency", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 189, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 18, "CVE": 1, "domain": 52, "hostname": 123 }, "indicator_count": 409, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "424 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "internet.com.br", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "internet.com.br", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780322959.313671 }