{
  "type": "Domain",
  "indicator": "maingoogle-resolver.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/maingoogle-resolver.com",
    "alexa": "http://www.alexa.com/siteinfo/maingoogle-resolver.com",
    "indicator": "maingoogle-resolver.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 8461393,
      "indicator": "maingoogle-resolver.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "58de329c88c71500d0e660b8",
          "name": "OilRig Campaign Analysis",
          "description": "The earliest instance where a cyber attack was attributed to the OilRig\ncampaign was in late 2015. To date, two periods of high activity have been\nidentified following the initial attack. These were in May and October 2016.\nAll known samples from these periods used infected Excel files attached to\nphishing emails to infect victims. Once infected, the victim machine can be\ncontrolled by the attacker to perform basic remote-access trojan-like tasks\nincluding command execution and file upload and download.",
          "modified": "2017-03-31T10:42:35.637000",
          "created": "2017-03-31T10:42:35.637000",
          "tags": [
            "iran",
            "oilrig"
          ],
          "references": [
            "https://logrhythm.com/pdfs/threat-research/logrhythm-labs-oilrig-campaign-analysis.pdf"
          ],
          "public": 1,
          "adversary": "OilRig",
          "targeted_countries": [
            "United States",
            "Saudi Arabia",
            "United Arab Emirates",
            "Qatar",
            "Turkey"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Government",
            "Finance"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 74,
          "upvotes_count": 1.0,
          "downvotes_count": 0.0,
          "votes_count": 1.0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "email": 9,
            "FileHash-SHA256": 26,
            "domain": 20,
            "URL": 8,
            "hostname": 1,
            "FileHash-MD5": 24,
            "FileHash-SHA1": 4
          },
          "indicator_count": 92,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386662,
          "modified_text": "3348 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "63456c2a30b92337ea1670e0",
          "name": "IOC Records Provided by @NextRayAI",
          "description": "This IOC report is provided and updated daily by NextRay AI Detection & Response Inc.",
          "modified": "2026-05-31T01:02:14",
          "created": "2022-10-11T13:14:18.676000",
          "tags": [
            "Nextray",
            "cyber security",
            "ioc",
            "phishing",
            "malicious"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Turkey",
            "Ukraine",
            "Romania",
            "Czechia",
            "United Kingdom of Great Britain and Northern Ireland",
            "Norway",
            "Lithuania",
            "Estonia",
            "Latvia",
            "Poland",
            "Germany",
            "Canada",
            "France",
            "Denmark"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Defense",
            "Industrial",
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1330,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "NextRay-AI",
            "id": "210822",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 498917,
            "IPv4": 64343,
            "IPv6": 459,
            "hostname": 59385,
            "URL": 166783,
            "CIDR": 5266,
            "FileHash-MD5": 29699,
            "FileHash-SHA256": 50449,
            "CVE": 348,
            "email": 914,
            "Mutex": 49,
            "FileHash-SHA1": 3453,
            "FilePath": 34
          },
          "indicator_count": 880099,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 300,
          "modified_text": "14 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65707a26e2f66cc507f0eb3c",
          "name": "OilRig Campaign Analysis",
          "description": "",
          "modified": "2023-12-06T13:41:58.409000",
          "created": "2023-12-06T13:41:58.409000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 26,
            "domain": 20,
            "FileHash-MD5": 24,
            "email": 9,
            "URL": 8,
            "hostname": 1,
            "FileHash-SHA1": 4
          },
          "indicator_count": 92,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://logrhythm.com/pdfs/threat-research/logrhythm-labs-oilrig-campaign-analysis.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "OilRig"
          ],
          "malware_families": [],
          "industries": [
            "Government",
            "Finance"
          ]
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Defense",
            "Government",
            "Industrial"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "58de329c88c71500d0e660b8",
      "name": "OilRig Campaign Analysis",
      "description": "The earliest instance where a cyber attack was attributed to the OilRig\ncampaign was in late 2015. To date, two periods of high activity have been\nidentified following the initial attack. These were in May and October 2016.\nAll known samples from these periods used infected Excel files attached to\nphishing emails to infect victims. Once infected, the victim machine can be\ncontrolled by the attacker to perform basic remote-access trojan-like tasks\nincluding command execution and file upload and download.",
      "modified": "2017-03-31T10:42:35.637000",
      "created": "2017-03-31T10:42:35.637000",
      "tags": [
        "iran",
        "oilrig"
      ],
      "references": [
        "https://logrhythm.com/pdfs/threat-research/logrhythm-labs-oilrig-campaign-analysis.pdf"
      ],
      "public": 1,
      "adversary": "OilRig",
      "targeted_countries": [
        "United States",
        "Saudi Arabia",
        "United Arab Emirates",
        "Qatar",
        "Turkey"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Government",
        "Finance"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 74,
      "upvotes_count": 1.0,
      "downvotes_count": 0.0,
      "votes_count": 1.0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "email": 9,
        "FileHash-SHA256": 26,
        "domain": 20,
        "URL": 8,
        "hostname": 1,
        "FileHash-MD5": 24,
        "FileHash-SHA1": 4
      },
      "indicator_count": 92,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386662,
      "modified_text": "3348 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "63456c2a30b92337ea1670e0",
      "name": "IOC Records Provided by @NextRayAI",
      "description": "This IOC report is provided and updated daily by NextRay AI Detection & Response Inc.",
      "modified": "2026-05-31T01:02:14",
      "created": "2022-10-11T13:14:18.676000",
      "tags": [
        "Nextray",
        "cyber security",
        "ioc",
        "phishing",
        "malicious"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Turkey",
        "Ukraine",
        "Romania",
        "Czechia",
        "United Kingdom of Great Britain and Northern Ireland",
        "Norway",
        "Lithuania",
        "Estonia",
        "Latvia",
        "Poland",
        "Germany",
        "Canada",
        "France",
        "Denmark"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Defense",
        "Industrial",
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1330,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "NextRay-AI",
        "id": "210822",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 498917,
        "IPv4": 64343,
        "IPv6": 459,
        "hostname": 59385,
        "URL": 166783,
        "CIDR": 5266,
        "FileHash-MD5": 29699,
        "FileHash-SHA256": 50449,
        "CVE": 348,
        "email": 914,
        "Mutex": 49,
        "FileHash-SHA1": 3453,
        "FilePath": 34
      },
      "indicator_count": 880099,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 300,
      "modified_text": "14 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65707a26e2f66cc507f0eb3c",
      "name": "OilRig Campaign Analysis",
      "description": "",
      "modified": "2023-12-06T13:41:58.409000",
      "created": "2023-12-06T13:41:58.409000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 26,
        "domain": 20,
        "FileHash-MD5": 24,
        "email": 9,
        "URL": 8,
        "hostname": 1,
        "FileHash-SHA1": 4
      },
      "indicator_count": 92,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "maingoogle-resolver.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "maingoogle-resolver.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780241744.3517172
}