{ "type": "Domain", "indicator": "morrowadded.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/morrowadded.com", "alexa": "http://www.alexa.com/siteinfo/morrowadded.com", "indicator": "morrowadded.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3770104910, "indicator": "morrowadded.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "68bef37d948f9f130f1cbecc", "name": "Significant Risk and Proactive Defense", "description": "A comprehensive analysis reveals a substantial threat posed by domains linked to Salt Typhoon and UNC4841, likely China-associated cyberespionage actors. The investigation uncovered a larger network of domain names beyond those publicly known, indicating a pattern of long-term access and sophisticated operations. A recent breach of a U.S. telecommunications provider, discovered a year after the fact, underscores the persistent nature of these threats. Organizations potentially at risk of Chinese espionage are strongly advised to scrutinize their DNS logs for the past five years, checking for requests to listed domains, subdomains, and associated IP addresses. Ongoing monitoring and information sharing are crucial in defending against this evolving threat landscape.", "modified": "2025-09-08T15:19:36.403000", "created": "2025-09-08T15:17:17.853000", "tags": [ "telecommunications", "persistent threat", "domain infrastructure", "long-term access", "cyberespionage" ], "references": [ "https://www.silentpush.com/blog/salt-typhoon-2025/" ], "public": 1, "adversary": "Salt Typhoon, UNC4841", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1590.001", "name": "Domain Properties", "display_name": "T1590.001 - Domain Properties" } ], "industries": [ "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 75649, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 45, "hostname": 2 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 387081, "modified_text": "267 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68ca542a70d6b89d74e7610c", "name": "aasdd", "description": "The following is a full list of up-to-dateupdata, which has been compiled by the British Library and the Association of Chartered Surveyors (BSPs) for the past 20 years.", "modified": "2025-10-17T06:04:52.323000", "created": "2025-09-17T06:24:42.069000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "abinsiby7048", "id": "355718", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 5, "domain": 45, "hostname": 3 }, "indicator_count": 53, "is_author": false, "is_subscribing": null, "subscriber_count": 22, "modified_text": "229 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68bff3e33540d09bd27e7c8c", "name": "EbeeSep2025 Pt2", "description": "", "modified": "2025-10-11T12:03:16.109000", "created": "2025-09-09T09:31:15.081000", "tags": [], "references": [ "Sep week2.pdf" ], "public": 1, "adversary": "Multiple", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 175, "FileHash-SHA1": 165, "FileHash-SHA256": 382, "domain": 75, "hostname": 17, "FilePath": 4, "URL": 17 }, "indicator_count": 835, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "235 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68c25b29cb401c32731b9035", "name": "\"Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data \"", "description": "", "modified": "2025-09-11T05:16:25.087000", "created": "2025-09-11T05:16:25.087000", "tags": [ "telecommunications", "persistent threat", "domain infrastructure", "long-term access", "cyberespionage" ], "references": [ "https://www.silentpush.com/blog/salt-typhoon-2025/" ], "public": 1, "adversary": "Salt Typhoon, UNC4841", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1590.001", "name": "Domain Properties", "display_name": "T1590.001 - Domain Properties" } ], "industries": [ "Telecommunications" ], "TLP": "white", "cloned_from": "68bef37d948f9f130f1cbecc", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 45, "hostname": 2 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 282, "modified_text": "265 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Sep week2.pdf", "https://www.silentpush.com/blog/salt-typhoon-2025/" ], "related": { "alienvault": { "adversary": [ "Salt Typhoon, UNC4841" ], "malware_families": [], "industries": [ "Telecommunications" ] }, "other": { "adversary": [ "Multiple", "Salt Typhoon, UNC4841" ], "malware_families": [], "industries": [ "Telecommunications" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "68bef37d948f9f130f1cbecc", "name": "Significant Risk and Proactive Defense", "description": "A comprehensive analysis reveals a substantial threat posed by domains linked to Salt Typhoon and UNC4841, likely China-associated cyberespionage actors. The investigation uncovered a larger network of domain names beyond those publicly known, indicating a pattern of long-term access and sophisticated operations. A recent breach of a U.S. telecommunications provider, discovered a year after the fact, underscores the persistent nature of these threats. Organizations potentially at risk of Chinese espionage are strongly advised to scrutinize their DNS logs for the past five years, checking for requests to listed domains, subdomains, and associated IP addresses. Ongoing monitoring and information sharing are crucial in defending against this evolving threat landscape.", "modified": "2025-09-08T15:19:36.403000", "created": "2025-09-08T15:17:17.853000", "tags": [ "telecommunications", "persistent threat", "domain infrastructure", "long-term access", "cyberespionage" ], "references": [ "https://www.silentpush.com/blog/salt-typhoon-2025/" ], "public": 1, "adversary": "Salt Typhoon, UNC4841", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1590.001", "name": "Domain Properties", "display_name": "T1590.001 - Domain Properties" } ], "industries": [ "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 75649, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 45, "hostname": 2 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 387081, "modified_text": "267 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68ca542a70d6b89d74e7610c", "name": "aasdd", "description": "The following is a full list of up-to-dateupdata, which has been compiled by the British Library and the Association of Chartered Surveyors (BSPs) for the past 20 years.", "modified": "2025-10-17T06:04:52.323000", "created": "2025-09-17T06:24:42.069000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "abinsiby7048", "id": "355718", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 5, "domain": 45, "hostname": 3 }, "indicator_count": 53, "is_author": false, "is_subscribing": null, "subscriber_count": 22, "modified_text": "229 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68bff3e33540d09bd27e7c8c", "name": "EbeeSep2025 Pt2", "description": "", "modified": "2025-10-11T12:03:16.109000", "created": "2025-09-09T09:31:15.081000", "tags": [], "references": [ "Sep week2.pdf" ], "public": 1, "adversary": "Multiple", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 175, "FileHash-SHA1": 165, "FileHash-SHA256": 382, "domain": 75, "hostname": 17, "FilePath": 4, "URL": 17 }, "indicator_count": 835, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "235 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68c25b29cb401c32731b9035", "name": "\"Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data \"", "description": "", "modified": "2025-09-11T05:16:25.087000", "created": "2025-09-11T05:16:25.087000", "tags": [ "telecommunications", "persistent threat", "domain infrastructure", "long-term access", "cyberespionage" ], "references": [ "https://www.silentpush.com/blog/salt-typhoon-2025/" ], "public": 1, "adversary": "Salt Typhoon, UNC4841", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1590.001", "name": "Domain Properties", "display_name": "T1590.001 - Domain Properties" } ], "industries": [ "Telecommunications" ], "TLP": "white", "cloned_from": "68bef37d948f9f130f1cbecc", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 45, "hostname": 2 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 282, "modified_text": "265 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "morrowadded.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "morrowadded.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780489315.3827605 }