{ "type": "Domain", "indicator": "ngcttest.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/ngcttest.com", "alexa": "http://www.alexa.com/siteinfo/ngcttest.com", "indicator": "ngcttest.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3617286538, "indicator": "ngcttest.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "63f52c8134bcfec6bc14eb20", "name": "~WRD0004.doc", "description": "", "modified": "2023-02-21T20:41:36.773000", "created": "2023-02-21T20:41:36.773000", "tags": [ "375809b8a913e9fdf5a6a0463d373eff98ee7d8054a49c28bd133b90fbe7b424", "~WRD0004.doc" ], "references": [ "~WRD0004.doc", "Contains - TarD5B7.tmp\tc0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd", "Process binds to unusual ports details Process \"%PROGRAMFILES%\\Microsoft Office\\Office14\\WINWORD.EXE\" binds to port 49791 source Network Traffic", "https://hybrid-analysis.com/sample/375809b8a913e9fdf5a6a0463d373eff98ee7d8054a49c28bd133b90fbe7b424/63f406d1b2eb1e516771f201" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 19, "URL": 7, "domain": 12, "FileHash-MD5": 14, "FileHash-SHA1": 11 }, "indicator_count": 63, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1197 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c8b5fe14c9a2744aafc835", "name": "Sign in \u2013 Google accounts google account from e.com ???? - T1105 Ingress Tool Transfer ???", "description": "Click here to find out more about the world's most northerly languages and ethnic groups, which are available on the BBC World News website and iPlayer (in English, iPad and mobile).", "modified": "2023-01-19T03:16:14.824000", "created": "2023-01-19T03:16:14.824000", "tags": [ "analysis", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "programfiles", "input", "report", "windir", "ransomware", "suspicious", "general", "strings", "google", "sign", "google account", "email", "forgot email", "use private", "browsing", "learn", "create account", "e.com" ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "e.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "FileHash-SHA256": 5, "URL": 24, "hostname": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1231 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c8b2f10c9b8b2344261988", "name": "Sign in \u2013 Google accounts google account from e.com ???? - T1105 Ingress Tool Transfer ???", "description": "Click here to find out more about the world's most northerly languages and ethnic groups, which are available on the BBC World News website and iPlayer (in English, iPad and mobile).", "modified": "2023-01-19T03:03:13.013000", "created": "2023-01-19T03:03:13.013000", "tags": [ "analysis", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "programfiles", "input", "report", "windir", "ransomware", "suspicious", "general", "strings", "google", "sign", "google account", "email", "forgot email", "use private", "browsing", "learn", "create account", "e.com" ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "e.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "FileHash-SHA256": 5, "URL": 24, "hostname": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1231 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "~WRD0004.doc", "Process binds to unusual ports details Process \"%PROGRAMFILES%\\Microsoft Office\\Office14\\WINWORD.EXE\" binds to port 49791 source Network Traffic", "Contains - TarD5B7.tmp\tc0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd", "https://hybrid-analysis.com/sample/375809b8a913e9fdf5a6a0463d373eff98ee7d8054a49c28bd133b90fbe7b424/63f406d1b2eb1e516771f201", "e.com", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "63f52c8134bcfec6bc14eb20", "name": "~WRD0004.doc", "description": "", "modified": "2023-02-21T20:41:36.773000", "created": "2023-02-21T20:41:36.773000", "tags": [ "375809b8a913e9fdf5a6a0463d373eff98ee7d8054a49c28bd133b90fbe7b424", "~WRD0004.doc" ], "references": [ "~WRD0004.doc", "Contains - TarD5B7.tmp\tc0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd", "Process binds to unusual ports details Process \"%PROGRAMFILES%\\Microsoft Office\\Office14\\WINWORD.EXE\" binds to port 49791 source Network Traffic", "https://hybrid-analysis.com/sample/375809b8a913e9fdf5a6a0463d373eff98ee7d8054a49c28bd133b90fbe7b424/63f406d1b2eb1e516771f201" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 19, "URL": 7, "domain": 12, "FileHash-MD5": 14, "FileHash-SHA1": 11 }, "indicator_count": 63, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1197 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c8b5fe14c9a2744aafc835", "name": "Sign in \u2013 Google accounts google account from e.com ???? - T1105 Ingress Tool Transfer ???", "description": "Click here to find out more about the world's most northerly languages and ethnic groups, which are available on the BBC World News website and iPlayer (in English, iPad and mobile).", "modified": "2023-01-19T03:16:14.824000", "created": "2023-01-19T03:16:14.824000", "tags": [ "analysis", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "programfiles", "input", "report", "windir", "ransomware", "suspicious", "general", "strings", "google", "sign", "google account", "email", "forgot email", "use private", "browsing", "learn", "create account", "e.com" ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "e.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "FileHash-SHA256": 5, "URL": 24, "hostname": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1231 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c8b2f10c9b8b2344261988", "name": "Sign in \u2013 Google accounts google account from e.com ???? - T1105 Ingress Tool Transfer ???", "description": "Click here to find out more about the world's most northerly languages and ethnic groups, which are available on the BBC World News website and iPlayer (in English, iPad and mobile).", "modified": "2023-01-19T03:03:13.013000", "created": "2023-01-19T03:03:13.013000", "tags": [ "analysis", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "programfiles", "input", "report", "windir", "ransomware", "suspicious", "general", "strings", "google", "sign", "google account", "email", "forgot email", "use private", "browsing", "learn", "create account", "e.com" ], "references": [ "https://myaccount.google.com/u/1/accountlinking?hl=en-GB", "https://www.hybrid-analysis.com/sample/134aa68a3c3fdc7232e01975247699b806576d0954e695042f44f4b74a7acba1/63c883a9634ab92b2b44d552", "e.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "FileHash-SHA256": 5, "URL": 24, "hostname": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1231 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "ngcttest.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "ngcttest.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780499567.2886782 }