{ "type": "Domain", "indicator": "msdn-update.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/msdn-update.com", "alexa": "http://www.alexa.com/siteinfo/msdn-update.com", "indicator": "msdn-update.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2013598284, "indicator": "msdn-update.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "5d9620fe94859e82197a1750", "name": "Magecart Group 4: A link with Cobalt Group?", "description": "Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any information entered by victims on the checkout page.", "modified": "2019-10-03T16:25:34.329000", "created": "2019-10-03T16:25:34.329000", "tags": [ "Magecart" ], "references": [ "https://blog.malwarebytes.com/threat-analysis/2019/10/magecart-group-4-a-link-with-cobalt-group/" ], "public": 1, "adversary": "Magecart", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Retail" ], "TLP": "white", "cloned_from": null, "export_count": 99, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "email": 19, "URL": 95, "IPv6": 1, "hostname": 24, "FileHash-SHA256": 1, "domain": 56 }, "indicator_count": 196, "is_author": false, "is_subscribing": null, "subscriber_count": 386782, "modified_text": "2433 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5cd2ab4fa31b77a6a4c0a84f", "name": "FIN7.5 the infamous cybercrime rig FIN7 continues its activities", "description": "On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly, this threat actor created fake companies in order to hire remote pentesters, developers and interpreters to participate in their malicious business. The main goal behind its malicious activities was to steal financial assets from companies, such as debit cards, or get access to financial data or computers of finance department employees in order to conduct wire transfers to offshore accounts.", "modified": "2019-05-23T08:40:10.199000", "created": "2019-05-08T10:11:26.836000", "tags": [ "fin7", "carbanak" ], "references": [ "https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/", "https://twitter.com/HONKONE_K/status/1131432019940917248" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 70, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 11, "domain": 47, "hostname": 6, "FileHash-MD5": 1 }, "indicator_count": 65, "is_author": false, "is_subscribing": null, "subscriber_count": 386796, "modified_text": "2566 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/HONKONE_K/status/1131432019940917248", "https://blog.malwarebytes.com/threat-analysis/2019/10/magecart-group-4-a-link-with-cobalt-group/", "https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/" ], "related": { "alienvault": { "adversary": [ "Magecart" ], "malware_families": [], "industries": [ "Retail" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "5d9620fe94859e82197a1750", "name": "Magecart Group 4: A link with Cobalt Group?", "description": "Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any information entered by victims on the checkout page.", "modified": "2019-10-03T16:25:34.329000", "created": "2019-10-03T16:25:34.329000", "tags": [ "Magecart" ], "references": [ "https://blog.malwarebytes.com/threat-analysis/2019/10/magecart-group-4-a-link-with-cobalt-group/" ], "public": 1, "adversary": "Magecart", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Retail" ], "TLP": "white", "cloned_from": null, "export_count": 99, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "email": 19, "URL": 95, "IPv6": 1, "hostname": 24, "FileHash-SHA256": 1, "domain": 56 }, "indicator_count": 196, "is_author": false, "is_subscribing": null, "subscriber_count": 386782, "modified_text": "2433 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5cd2ab4fa31b77a6a4c0a84f", "name": "FIN7.5 the infamous cybercrime rig FIN7 continues its activities", "description": "On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly, this threat actor created fake companies in order to hire remote pentesters, developers and interpreters to participate in their malicious business. The main goal behind its malicious activities was to steal financial assets from companies, such as debit cards, or get access to financial data or computers of finance department employees in order to conduct wire transfers to offshore accounts.", "modified": "2019-05-23T08:40:10.199000", "created": "2019-05-08T10:11:26.836000", "tags": [ "fin7", "carbanak" ], "references": [ "https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/", "https://twitter.com/HONKONE_K/status/1131432019940917248" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 70, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 11, "domain": 47, "hostname": 6, "FileHash-MD5": 1 }, "indicator_count": 65, "is_author": false, "is_subscribing": null, "subscriber_count": 386796, "modified_text": "2566 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "msdn-update.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "msdn-update.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780346001.276178 }