{ "type": "Domain", "indicator": "longlakeweb.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/longlakeweb.com", "alexa": "http://www.alexa.com/siteinfo/longlakeweb.com", "indicator": "longlakeweb.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2897333350, "indicator": "longlakeweb.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "655deaade608a53b8d4ada31", "name": "Atomic Stealer distributed to Mac users via fake browser updates", "description": "MalwareBytes reports that Atomic Stealer (a.k.a. AMOS) is now being delivered to Mac users via a fake browser update chain tracked as \u2018ClearFake\u2019.", "modified": "2023-12-22T11:02:14.625000", "created": "2023-11-22T11:49:00.739000", "tags": [ "atomic stealer", "amos", "clearfake", "macos" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer", "display_name": "Atomic Stealer", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 418, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "domain": 4 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 386506, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6654138435c5832ca2c4028f", "name": "DOH Domains IOCs", "description": "The following is a full list of items that you might not have known existed::..com, or, if you were interested in them, are the most likely ones to come up with", "modified": "2024-08-26T04:12:43.497000", "created": "2024-05-27T05:00:52.918000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fueledbycoffeeDXB", "id": "272228", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "domain": 1335, "hostname": 667 }, "indicator_count": 2009, "is_author": false, "is_subscribing": null, "subscriber_count": 26, "modified_text": "643 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66385f3f18ab75304503e48b", "name": "CLEARFAKE CAMPAIGN - DELIVERING MALWARE VIA \u201cFAKE BROWSER UPDATES", "description": "The ClearFake campaign utilizes malicious JavaScript injections, often through compromised WordPress plugins, to present fake browser update pages to unsuspecting users. These pages, delivered via iframes, mimic legitimate browser updates and trick users into downloading malicious payloads. The malware, originally identified by security researcher Randy McEoin, has evolved to employ sophisticated techniques such as EtherHiding, leveraging Binance SmartChain technology for propagation.", "modified": "2024-06-05T04:00:28.483000", "created": "2024-05-06T04:40:31.739000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StonyCva", "id": "117161", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 6, "URL": 7, "domain": 4 }, "indicator_count": 27, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "725 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655ea36f04a83b09bc4e704f", "name": "Atomic Stealer Distributed to Mac Users", "description": "", "modified": "2023-12-23T00:00:27.637000", "created": "2023-11-23T00:57:19.895000", "tags": [], "references": [ "November 23rd, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3622 - Atomic Stealer Distributed to Mac Users.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 5, "URL": 1, "domain": 14, "hostname": 3 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6560683b39785b2ffd64d31e", "name": " Atomic Stealer distributed to Mac users via fake browser updates", "description": "", "modified": "2023-12-22T11:02:14.625000", "created": "2023-11-24T09:09:15.600000", "tags": [ "atomic stealer", "amos", "clearfake", "macos" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer", "display_name": "Atomic Stealer", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": "655deaade608a53b8d4ada31", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "santravault1", "id": "217419", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_217419/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "domain": 4 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 75, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65682394290807428419fef2", "name": "Atomic Stealer distributed to Mac users via fake browser updates", "description": "", "modified": "2023-12-22T11:02:14.625000", "created": "2023-11-30T05:54:28.123000", "tags": [ "atomic stealer", "amos", "clearfake", "macos" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer", "display_name": "Atomic Stealer", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": "655deaade608a53b8d4ada31", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 6 }, "indicator_count": 9, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65797003988fc8c5ee36792a", "name": "Atomic Stealer distributed to Mac users via fake browser updates", "description": "", "modified": "2023-12-22T11:02:14.625000", "created": "2023-12-13T08:49:07.144000", "tags": [ "atomic stealer", "amos", "clearfake", "macos" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer", "display_name": "Atomic Stealer", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": "65682394290807428419fef2", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 6 }, "indicator_count": 9, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655dd1800309341961a1fac5", "name": "Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes", "description": "Malwarebytes provides a comprehensive guide to the latest malware threats to target Mac users, as well as those targeting Windows users and those using Google Chrome and Chrome, in a series of posts from security researchers.", "modified": "2023-12-22T10:01:15.852000", "created": "2023-11-22T10:01:36.554000", "tags": [ "atomic stealer", "amos", "clearfake", "windows", "macs", "mac os", "september", "randy mceoin", "august", "november", "macos", "atomic" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic", "display_name": "Atomic", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "domain": 4 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655db958b635e268a089d2bf", "name": "Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes", "description": "Malwarebytes provides a comprehensive guide to the latest malware threats to target Mac users, as well as those targeting Windows users and those using Google Chrome and Chrome, in a series of posts from security researchers.", "modified": "2023-12-22T08:02:54.047000", "created": "2023-11-22T08:18:32.063000", "tags": [ "atomic stealer", "amos", "clearfake", "windows", "macs", "mac os", "september", "randy mceoin", "august", "november", "macos", "atomic" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic", "display_name": "Atomic", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ghitansilviu@gmail.com", "id": "177478", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "domain": 4 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6560fef5b5837bc224d055d2", "name": "Websites hosting Fake Browser Update Assets", "description": "", "modified": "2023-11-24T19:52:21.693000", "created": "2023-11-24T19:52:21.693000", "tags": [], "references": [ "urls.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "sbik_otx1", "id": "262623", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 96, "domain": 12 }, "indicator_count": 108, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "918 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "November 23rd, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3622 - Atomic Stealer Distributed to Mac Users.pdf", "urls.txt", "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Atomic stealer" ], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Atomic", "Atomic stealer" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "655deaade608a53b8d4ada31", "name": "Atomic Stealer distributed to Mac users via fake browser updates", "description": "MalwareBytes reports that Atomic Stealer (a.k.a. AMOS) is now being delivered to Mac users via a fake browser update chain tracked as \u2018ClearFake\u2019.", "modified": "2023-12-22T11:02:14.625000", "created": "2023-11-22T11:49:00.739000", "tags": [ "atomic stealer", "amos", "clearfake", "macos" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer", "display_name": "Atomic Stealer", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 418, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "domain": 4 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 386506, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6654138435c5832ca2c4028f", "name": "DOH Domains IOCs", "description": "The following is a full list of items that you might not have known existed::..com, or, if you were interested in them, are the most likely ones to come up with", "modified": "2024-08-26T04:12:43.497000", "created": "2024-05-27T05:00:52.918000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fueledbycoffeeDXB", "id": "272228", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7, "domain": 1335, "hostname": 667 }, "indicator_count": 2009, "is_author": false, "is_subscribing": null, "subscriber_count": 26, "modified_text": "643 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66385f3f18ab75304503e48b", "name": "CLEARFAKE CAMPAIGN - DELIVERING MALWARE VIA \u201cFAKE BROWSER UPDATES", "description": "The ClearFake campaign utilizes malicious JavaScript injections, often through compromised WordPress plugins, to present fake browser update pages to unsuspecting users. These pages, delivered via iframes, mimic legitimate browser updates and trick users into downloading malicious payloads. The malware, originally identified by security researcher Randy McEoin, has evolved to employ sophisticated techniques such as EtherHiding, leveraging Binance SmartChain technology for propagation.", "modified": "2024-06-05T04:00:28.483000", "created": "2024-05-06T04:40:31.739000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StonyCva", "id": "117161", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 6, "URL": 7, "domain": 4 }, "indicator_count": 27, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "725 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655ea36f04a83b09bc4e704f", "name": "Atomic Stealer Distributed to Mac Users", "description": "", "modified": "2023-12-23T00:00:27.637000", "created": "2023-11-23T00:57:19.895000", "tags": [], "references": [ "November 23rd, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3622 - Atomic Stealer Distributed to Mac Users.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 5, "URL": 1, "domain": 14, "hostname": 3 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6560683b39785b2ffd64d31e", "name": " Atomic Stealer distributed to Mac users via fake browser updates", "description": "", "modified": "2023-12-22T11:02:14.625000", "created": "2023-11-24T09:09:15.600000", "tags": [ "atomic stealer", "amos", "clearfake", "macos" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer", "display_name": "Atomic Stealer", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": "655deaade608a53b8d4ada31", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "santravault1", "id": "217419", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_217419/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "domain": 4 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 75, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65682394290807428419fef2", "name": "Atomic Stealer distributed to Mac users via fake browser updates", "description": "", "modified": "2023-12-22T11:02:14.625000", "created": "2023-11-30T05:54:28.123000", "tags": [ "atomic stealer", "amos", "clearfake", "macos" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer", "display_name": "Atomic Stealer", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": "655deaade608a53b8d4ada31", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 6 }, "indicator_count": 9, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65797003988fc8c5ee36792a", "name": "Atomic Stealer distributed to Mac users via fake browser updates", "description": "", "modified": "2023-12-22T11:02:14.625000", "created": "2023-12-13T08:49:07.144000", "tags": [ "atomic stealer", "amos", "clearfake", "macos" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic Stealer", "display_name": "Atomic Stealer", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": "65682394290807428419fef2", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 6 }, "indicator_count": 9, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "890 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655dd1800309341961a1fac5", "name": "Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes", "description": "Malwarebytes provides a comprehensive guide to the latest malware threats to target Mac users, as well as those targeting Windows users and those using Google Chrome and Chrome, in a series of posts from security researchers.", "modified": "2023-12-22T10:01:15.852000", "created": "2023-11-22T10:01:36.554000", "tags": [ "atomic stealer", "amos", "clearfake", "windows", "macs", "mac os", "september", "randy mceoin", "august", "november", "macos", "atomic" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic", "display_name": "Atomic", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "domain": 4 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655db958b635e268a089d2bf", "name": "Atomic Stealer distributed to Mac users via fake browser updates | Malwarebytes", "description": "Malwarebytes provides a comprehensive guide to the latest malware threats to target Mac users, as well as those targeting Windows users and those using Google Chrome and Chrome, in a series of posts from security researchers.", "modified": "2023-12-22T08:02:54.047000", "created": "2023-11-22T08:18:32.063000", "tags": [ "atomic stealer", "amos", "clearfake", "windows", "macs", "mac os", "september", "randy mceoin", "august", "november", "macos", "atomic" ], "references": [ "https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Atomic", "display_name": "Atomic", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ghitansilviu@gmail.com", "id": "177478", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "domain": 4 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6560fef5b5837bc224d055d2", "name": "Websites hosting Fake Browser Update Assets", "description": "", "modified": "2023-11-24T19:52:21.693000", "created": "2023-11-24T19:52:21.693000", "tags": [], "references": [ "urls.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "sbik_otx1", "id": "262623", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 96, "domain": 12 }, "indicator_count": 108, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "918 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "longlakeweb.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "longlakeweb.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780222084.1075766 }