{ "type": "Domain", "indicator": "mag8u1tejdt.biz", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/mag8u1tejdt.biz", "alexa": "http://www.alexa.com/siteinfo/mag8u1tejdt.biz", "indicator": "mag8u1tejdt.biz", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 990, "indicator": "mag8u1tejdt.biz", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "54cbfc7a11d4081fc5708fc6", "name": "Operation Windigo", "description": "", "modified": "2019-06-07T19:10:48.446000", "created": "2015-01-30T21:49:46.326000", "tags": [], "references": [ "https://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "", "export_count": 54, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 58, "FileHash-SHA1": 68, "YARA": 1 }, "indicator_count": 127, "is_author": false, "is_subscribing": null, "subscriber_count": 377565, "modified_text": "2507 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66446cf7b279daa58cd48e34", "name": "Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain", "description": "GitHub is the world's leading open source platform for software development and development, and we want you to join us to help us develop and develop the next generation of software for the platform and other platforms.", "modified": "2024-06-14T08:05:17.527000", "created": "2024-05-15T08:06:15.053000", "tags": [ "sign", "search", "github", "code issues", "pull", "skip", "navigation", "menu", "product actions", "automate", "star", "footer", "ebury", "modified", "grep", "iocs", "openssh", "domain", "ssh client", "ebury payload", "linuxebury", "system", "first", "bind", "shell", "obsolete", "kill", "apache" ], "references": [ "https://github.com/eset/malware-ioc/tree/master/windigo", "https://raw.githubusercontent.com/eset/malware-ioc/master/windigo/README.adoc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 73, "FileHash-SHA1": 141, "FileHash-SHA256": 73, "URL": 1, "domain": 82, "email": 1 }, "indicator_count": 371, "is_author": false, "is_subscribing": null, "subscriber_count": 847, "modified_text": "674 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://github.com/eset/malware-ioc/tree/master/windigo", "https://raw.githubusercontent.com/eset/malware-ioc/master/windigo/README.adoc", "https://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "54cbfc7a11d4081fc5708fc6", "name": "Operation Windigo", "description": "", "modified": "2019-06-07T19:10:48.446000", "created": "2015-01-30T21:49:46.326000", "tags": [], "references": [ "https://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "", "export_count": 54, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 58, "FileHash-SHA1": 68, "YARA": 1 }, "indicator_count": 127, "is_author": false, "is_subscribing": null, "subscriber_count": 377565, "modified_text": "2507 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66446cf7b279daa58cd48e34", "name": "Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain", "description": "GitHub is the world's leading open source platform for software development and development, and we want you to join us to help us develop and develop the next generation of software for the platform and other platforms.", "modified": "2024-06-14T08:05:17.527000", "created": "2024-05-15T08:06:15.053000", "tags": [ "sign", "search", "github", "code issues", "pull", "skip", "navigation", "menu", "product actions", "automate", "star", "footer", "ebury", "modified", "grep", "iocs", "openssh", "domain", "ssh client", "ebury payload", "linuxebury", "system", "first", "bind", "shell", "obsolete", "kill", "apache" ], "references": [ "https://github.com/eset/malware-ioc/tree/master/windigo", "https://raw.githubusercontent.com/eset/malware-ioc/master/windigo/README.adoc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 73, "FileHash-SHA1": 141, "FileHash-SHA256": 73, "URL": 1, "domain": 82, "email": 1 }, "indicator_count": 371, "is_author": false, "is_subscribing": null, "subscriber_count": 847, "modified_text": "674 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "mag8u1tejdt.biz", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "mag8u1tejdt.biz", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776590824.674195 }