{ "type": "Domain", "indicator": "msdnhelp.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/msdnhelp.com", "alexa": "http://www.alexa.com/siteinfo/msdnhelp.com", "indicator": "msdnhelp.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4009578916, "indicator": "msdnhelp.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6750be8f47f3e59f08377292", "name": "Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries", "description": "In this analysis, researchers have uncovered a malicious campaign orchestrated by APT35, a threat group believed to be affiliated with the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group has been observed using forged recruitment sites and corporate sites to target the aerospace and semiconductor industries across multiple countries, including the United States, Thailand, the United Arab Emirates, and Israel. The attackers lure victims into downloading and executing malicious processes under the guise of site access or VPN access. The campaign leverages legitimate internet resources such as OneDrive, Google Cloud, and GitHub, and employs various tactics to evade detection and facilitate its operations. The detailed report provides an in-depth examination of the attack methods, infrastructure, and indicators of compromise (IOCs) associated with this campaign.", "modified": "2024-12-04T21:09:18.594000", "created": "2024-12-04T20:41:51.614000", "tags": [ "signedconnection.exe", "semiconductor industry", "middle east", "secur32.dll", "aerospace industry", "targeted attacks", "qt5core.dll", "msvcp.dll", "cyber espionage" ], "references": [ "https://threatbook.io/blog/id/1095" ], "public": 1, "adversary": "APT35", "targeted_countries": [ "United States of America", "Thailand", "United Arab Emirates", "Israel" ], "malware_families": [], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1497.001", "name": "System Checks", "display_name": "T1497.001 - System Checks" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1222.001", "name": "Windows File and Directory Permissions Modification", "display_name": "T1222.001 - Windows File and Directory Permissions Modification" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1134.002", "name": "Create Process with Token", "display_name": "T1134.002 - Create Process with Token" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1195.002", "name": "Compromise Software Supply Chain", "display_name": "T1195.002 - Compromise Software Supply Chain" }, { "id": "T1567.002", "name": "Exfiltration to Cloud Storage", "display_name": "T1567.002 - Exfiltration to Cloud Storage" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1558.003", "name": "Kerberoasting", "display_name": "T1558.003 - Kerberoasting" } ], "industries": [ "Aerospace", "Semiconductor" ], "TLP": "white", "cloned_from": null, "export_count": 38, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 4, "URL": 2, "domain": 3, "hostname": 3 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 386513, "modified_text": "542 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6757db9fa9dc3946531ceb20", "name": "APT35 Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries", "description": "", "modified": "2024-12-10T06:11:43.360000", "created": "2024-12-10T06:11:43.360000", "tags": [ "signedconnection.exe", "semiconductor industry", "middle east", "secur32.dll", "aerospace industry", "targeted attacks", "qt5core.dll", "msvcp.dll", "cyber espionage" ], "references": [ "https://threatbook.io/blog/id/1095" ], "public": 1, "adversary": "APT35", "targeted_countries": [ "United States of America", "Thailand", "United Arab Emirates", "Israel" ], "malware_families": [], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1497.001", "name": "System Checks", "display_name": "T1497.001 - System Checks" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1222.001", "name": "Windows File and Directory Permissions Modification", "display_name": "T1222.001 - Windows File and Directory Permissions Modification" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1134.002", "name": "Create Process with Token", "display_name": "T1134.002 - Create Process with Token" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1195.002", "name": "Compromise Software Supply Chain", "display_name": "T1195.002 - Compromise Software Supply Chain" }, { "id": "T1567.002", "name": "Exfiltration to Cloud Storage", "display_name": "T1567.002 - Exfiltration to Cloud Storage" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1558.003", "name": "Kerberoasting", "display_name": "T1558.003 - Kerberoasting" } ], "industries": [ "Aerospace", "Semiconductor" ], "TLP": "white", "cloned_from": "6757d1d8361772f503b3a35d", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 4, "URL": 2, "domain": 3, "hostname": 3 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "537 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6757d1d8361772f503b3a35d", "name": "APT35 Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries", "description": "", "modified": "2024-12-10T05:30:00.009000", "created": "2024-12-10T05:30:00.009000", "tags": [ "signedconnection.exe", "semiconductor industry", "middle east", "secur32.dll", "aerospace industry", "targeted attacks", "qt5core.dll", "msvcp.dll", "cyber espionage" ], "references": [ "https://threatbook.io/blog/id/1095" ], "public": 1, "adversary": "APT35", "targeted_countries": [ "United States of America", "Thailand", "United Arab Emirates", "Israel" ], "malware_families": [], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1497.001", "name": "System Checks", "display_name": "T1497.001 - System Checks" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1222.001", "name": "Windows File and Directory Permissions Modification", "display_name": "T1222.001 - Windows File and Directory Permissions Modification" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1134.002", "name": "Create Process with Token", "display_name": "T1134.002 - Create Process with Token" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1195.002", "name": "Compromise Software Supply Chain", "display_name": "T1195.002 - Compromise Software Supply Chain" }, { "id": "T1567.002", "name": "Exfiltration to Cloud Storage", "display_name": "T1567.002 - Exfiltration to Cloud Storage" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1558.003", "name": "Kerberoasting", "display_name": "T1558.003 - Kerberoasting" } ], "industries": [ "Aerospace", "Semiconductor" ], "TLP": "white", "cloned_from": "6750be8f47f3e59f08377292", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 4, "URL": 2, "domain": 3, "hostname": 3 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "537 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://threatbook.io/blog/id/1095" ], "related": { "alienvault": { "adversary": [ "APT35" ], "malware_families": [], "industries": [ "Semiconductor", "Aerospace" ] }, "other": { "adversary": [ "APT35" ], "malware_families": [], "industries": [ "Semiconductor", "Aerospace" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6750be8f47f3e59f08377292", "name": "Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries", "description": "In this analysis, researchers have uncovered a malicious campaign orchestrated by APT35, a threat group believed to be affiliated with the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group has been observed using forged recruitment sites and corporate sites to target the aerospace and semiconductor industries across multiple countries, including the United States, Thailand, the United Arab Emirates, and Israel. The attackers lure victims into downloading and executing malicious processes under the guise of site access or VPN access. The campaign leverages legitimate internet resources such as OneDrive, Google Cloud, and GitHub, and employs various tactics to evade detection and facilitate its operations. The detailed report provides an in-depth examination of the attack methods, infrastructure, and indicators of compromise (IOCs) associated with this campaign.", "modified": "2024-12-04T21:09:18.594000", "created": "2024-12-04T20:41:51.614000", "tags": [ "signedconnection.exe", "semiconductor industry", "middle east", "secur32.dll", "aerospace industry", "targeted attacks", "qt5core.dll", "msvcp.dll", "cyber espionage" ], "references": [ "https://threatbook.io/blog/id/1095" ], "public": 1, "adversary": "APT35", "targeted_countries": [ "United States of America", "Thailand", "United Arab Emirates", "Israel" ], "malware_families": [], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1497.001", "name": "System Checks", "display_name": "T1497.001 - System Checks" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1222.001", "name": "Windows File and Directory Permissions Modification", "display_name": "T1222.001 - Windows File and Directory Permissions Modification" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1134.002", "name": "Create Process with Token", "display_name": "T1134.002 - Create Process with Token" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1195.002", "name": "Compromise Software Supply Chain", "display_name": "T1195.002 - Compromise Software Supply Chain" }, { "id": "T1567.002", "name": "Exfiltration to Cloud Storage", "display_name": "T1567.002 - Exfiltration to Cloud Storage" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1558.003", "name": "Kerberoasting", "display_name": "T1558.003 - Kerberoasting" } ], "industries": [ "Aerospace", "Semiconductor" ], "TLP": "white", "cloned_from": null, "export_count": 38, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 4, "URL": 2, "domain": 3, "hostname": 3 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 386513, "modified_text": "542 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6757db9fa9dc3946531ceb20", "name": "APT35 Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries", "description": "", "modified": "2024-12-10T06:11:43.360000", "created": "2024-12-10T06:11:43.360000", "tags": [ "signedconnection.exe", "semiconductor industry", "middle east", "secur32.dll", "aerospace industry", "targeted attacks", "qt5core.dll", "msvcp.dll", "cyber espionage" ], "references": [ "https://threatbook.io/blog/id/1095" ], "public": 1, "adversary": "APT35", "targeted_countries": [ "United States of America", "Thailand", "United Arab Emirates", "Israel" ], "malware_families": [], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1497.001", "name": "System Checks", "display_name": "T1497.001 - System Checks" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1222.001", "name": "Windows File and Directory Permissions Modification", "display_name": "T1222.001 - Windows File and Directory Permissions Modification" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1134.002", "name": "Create Process with Token", "display_name": "T1134.002 - Create Process with Token" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1195.002", "name": "Compromise Software Supply Chain", "display_name": "T1195.002 - Compromise Software Supply Chain" }, { "id": "T1567.002", "name": "Exfiltration to Cloud Storage", "display_name": "T1567.002 - Exfiltration to Cloud Storage" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1558.003", "name": "Kerberoasting", "display_name": "T1558.003 - Kerberoasting" } ], "industries": [ "Aerospace", "Semiconductor" ], "TLP": "white", "cloned_from": "6757d1d8361772f503b3a35d", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 4, "URL": 2, "domain": 3, "hostname": 3 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "537 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6757d1d8361772f503b3a35d", "name": "APT35 Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries", "description": "", "modified": "2024-12-10T05:30:00.009000", "created": "2024-12-10T05:30:00.009000", "tags": [ "signedconnection.exe", "semiconductor industry", "middle east", "secur32.dll", "aerospace industry", "targeted attacks", "qt5core.dll", "msvcp.dll", "cyber espionage" ], "references": [ "https://threatbook.io/blog/id/1095" ], "public": 1, "adversary": "APT35", "targeted_countries": [ "United States of America", "Thailand", "United Arab Emirates", "Israel" ], "malware_families": [], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1497.001", "name": "System Checks", "display_name": "T1497.001 - System Checks" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1222.001", "name": "Windows File and Directory Permissions Modification", "display_name": "T1222.001 - Windows File and Directory Permissions Modification" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1050", "name": "New Service", "display_name": "T1050 - New Service" }, { "id": "T1134.002", "name": "Create Process with Token", "display_name": "T1134.002 - Create Process with Token" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1195.002", "name": "Compromise Software Supply Chain", "display_name": "T1195.002 - Compromise Software Supply Chain" }, { "id": "T1567.002", "name": "Exfiltration to Cloud Storage", "display_name": "T1567.002 - Exfiltration to Cloud Storage" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1558.003", "name": "Kerberoasting", "display_name": "T1558.003 - Kerberoasting" } ], "industries": [ "Aerospace", "Semiconductor" ], "TLP": "white", "cloned_from": "6750be8f47f3e59f08377292", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 4, "URL": 2, "domain": 3, "hostname": 3 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "537 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "msdnhelp.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "msdnhelp.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780224616.2960124 }