{ "type": "Domain", "indicator": "kajon.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/kajon.com", "alexa": "http://www.alexa.com/siteinfo/kajon.com", "indicator": "kajon.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3524405311, "indicator": "kajon.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "62e13b5b5195b028d2425a21", "name": "IcedID IOCs", "description": "A sample of malicious files found in a series of email threads was sent to the BBC by a member of the public, who is now known as the \"Bokbot\" - a nickname for the malicious software.", "modified": "2022-08-26T02:43:07.505000", "created": "2022-07-27T13:19:23.897000", "tags": [ "file size", "sha256 hash", "file location", "iso image", "https traffic", "js file", "file name", "run method", "icedid 64bit", "cobalt strike", "icedid", "filesize", "sha1", "pid1824", "malwarebazaar", "sha256", "database entry", "icedid vendor", "intelligence", "iocs yara", "comments sha256", "sha1 hash", "md5 hash", "download", "twitter", "icedid dll", "monday", "bokbot", "infection with", "icedid gzip", "installer", "file hash", "lnk file", "hashes", "file", "azaz", "hash", "identification", "marble" ], "references": [ "https://twitter.com/executemalware/status/1552088300508291072", "https://twitter.com/Unit42_Intel/status/1551968860756217856", "https://twitter.com/k3dg3/status/1551992175294091265", "https://isc.sans.edu/diary/IcedID+%28Bokbot%29+with+Dark+VNC+and+Cobalt+Strike/28884" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "brazen.fox.thirteen", "id": "155136", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 27, "domain": 13, "email": 3, "FileHash-SHA1": 4, "FileHash-SHA256": 17, "URL": 10 }, "indicator_count": 74, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "1376 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/k3dg3/status/1551992175294091265", "https://twitter.com/Unit42_Intel/status/1551968860756217856", "https://twitter.com/executemalware/status/1552088300508291072", "https://isc.sans.edu/diary/IcedID+%28Bokbot%29+with+Dark+VNC+and+Cobalt+Strike/28884" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "62e13b5b5195b028d2425a21", "name": "IcedID IOCs", "description": "A sample of malicious files found in a series of email threads was sent to the BBC by a member of the public, who is now known as the \"Bokbot\" - a nickname for the malicious software.", "modified": "2022-08-26T02:43:07.505000", "created": "2022-07-27T13:19:23.897000", "tags": [ "file size", "sha256 hash", "file location", "iso image", "https traffic", "js file", "file name", "run method", "icedid 64bit", "cobalt strike", "icedid", "filesize", "sha1", "pid1824", "malwarebazaar", "sha256", "database entry", "icedid vendor", "intelligence", "iocs yara", "comments sha256", "sha1 hash", "md5 hash", "download", "twitter", "icedid dll", "monday", "bokbot", "infection with", "icedid gzip", "installer", "file hash", "lnk file", "hashes", "file", "azaz", "hash", "identification", "marble" ], "references": [ "https://twitter.com/executemalware/status/1552088300508291072", "https://twitter.com/Unit42_Intel/status/1551968860756217856", "https://twitter.com/k3dg3/status/1551992175294091265", "https://isc.sans.edu/diary/IcedID+%28Bokbot%29+with+Dark+VNC+and+Cobalt+Strike/28884" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "brazen.fox.thirteen", "id": "155136", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 27, "domain": 13, "email": 3, "FileHash-SHA1": 4, "FileHash-SHA256": 17, "URL": 10 }, "indicator_count": 74, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "1376 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "kajon.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "kajon.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780394517.4293094 }