{ "type": "Domain", "indicator": "node.lib", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/node.lib", "alexa": "http://www.alexa.com/siteinfo/node.lib", "indicator": "node.lib", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3784728213, "indicator": "node.lib", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "655dd1a4c684662fbd6d2c85", "name": "Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing", "description": "Trend Vision One provides a comprehensive guide to the best ways to protect your business from cyber threats, while providing a faster, more effective response to threats in the cloud and multi-cloud world.", "modified": "2023-12-22T10:01:15.852000", "created": "2023-11-22T10:02:12.829000", "tags": [ "malware", "endpoints", "research", "phishing", "articles", "news", "reports", "cyber threats", "learn", "genesis market", "trend micro", "google colab", "ev code", "trend vision", "ot security", "managed xdr", "alliance", "vision one", "stop", "protect", "attack", "april", "sector", "hybrid", "small", "carriers", "code", "date", "lu0bot", "possible", "stealc", "vidar", "beware", "lumma stealer", "find", "indonesia", "disease vector", "return", "signing", "compromise", "files detection", "urls" ], "references": [ "https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/k/attack-signals-possible-return-of-genesis-market/iocs-attack-signals-possible-return-of-genesis-market.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Lu0Bot", "display_name": "Lu0Bot", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 2, "FileHash-SHA1": 5, "FileHash-SHA256": 6, "URL": 9, "domain": 5, "hostname": 2 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655dd1a64ed8e22ca97a0473", "name": "Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing", "description": "Trend Vision One provides a comprehensive guide to the best ways to protect your business from cyber threats, while providing a faster, more effective response to threats in the cloud and multi-cloud world.", "modified": "2023-12-22T10:01:15.852000", "created": "2023-11-22T10:02:14.375000", "tags": [ "malware", "endpoints", "research", "phishing", "articles", "news", "reports", "cyber threats", "learn", "genesis market", "trend micro", "google colab", "ev code", "trend vision", "ot security", "managed xdr", "alliance", "vision one", "stop", "protect", "attack", "april", "sector", "hybrid", "small", "carriers", "code", "date", "lu0bot", "possible", "stealc", "vidar", "beware", "lumma stealer", "find", "indonesia", "disease vector", "return", "signing", "compromise", "files detection", "urls" ], "references": [ "https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/k/attack-signals-possible-return-of-genesis-market/iocs-attack-signals-possible-return-of-genesis-market.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Lu0Bot", "display_name": "Lu0Bot", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 2, "FileHash-SHA1": 5, "FileHash-SHA256": 6, "URL": 9, "domain": 5, "hostname": 2 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655ddb0bc2349ededf22684e", "name": "Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing", "description": "", "modified": "2023-12-22T10:01:15.852000", "created": "2023-11-22T10:42:19.757000", "tags": [ "malware", "endpoints", "research", "phishing", "articles", "news", "reports", "cyber threats", "learn", "genesis market", "trend micro", "google colab", "ev code", "trend vision", "ot security", "managed xdr", "alliance", "vision one", "stop", "protect", "attack", "april", "sector", "hybrid", "small", "carriers", "code", "date", "lu0bot", "possible", "stealc", "vidar", "beware", "lumma stealer", "find", "indonesia", "disease vector", "return", "signing", "compromise", "files detection", "urls" ], "references": [ "https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/k/attack-signals-possible-return-of-genesis-market/iocs-attack-signals-possible-return-of-genesis-market.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ghitansilviu@gmail.com", "id": "177478", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 2, "FileHash-SHA1": 5, "FileHash-SHA256": 6, "URL": 7, "domain": 5, "hostname": 2 }, "indicator_count": 28, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/k/attack-signals-possible-return-of-genesis-market/iocs-attack-signals-possible-return-of-genesis-market.txt", "https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Lu0bot", "Vidar" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "655dd1a4c684662fbd6d2c85", "name": "Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing", "description": "Trend Vision One provides a comprehensive guide to the best ways to protect your business from cyber threats, while providing a faster, more effective response to threats in the cloud and multi-cloud world.", "modified": "2023-12-22T10:01:15.852000", "created": "2023-11-22T10:02:12.829000", "tags": [ "malware", "endpoints", "research", "phishing", "articles", "news", "reports", "cyber threats", "learn", "genesis market", "trend micro", "google colab", "ev code", "trend vision", "ot security", "managed xdr", "alliance", "vision one", "stop", "protect", "attack", "april", "sector", "hybrid", "small", "carriers", "code", "date", "lu0bot", "possible", "stealc", "vidar", "beware", "lumma stealer", "find", "indonesia", "disease vector", "return", "signing", "compromise", "files detection", "urls" ], "references": [ "https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/k/attack-signals-possible-return-of-genesis-market/iocs-attack-signals-possible-return-of-genesis-market.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Lu0Bot", "display_name": "Lu0Bot", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 2, "FileHash-SHA1": 5, "FileHash-SHA256": 6, "URL": 9, "domain": 5, "hostname": 2 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655dd1a64ed8e22ca97a0473", "name": "Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing", "description": "Trend Vision One provides a comprehensive guide to the best ways to protect your business from cyber threats, while providing a faster, more effective response to threats in the cloud and multi-cloud world.", "modified": "2023-12-22T10:01:15.852000", "created": "2023-11-22T10:02:14.375000", "tags": [ "malware", "endpoints", "research", "phishing", "articles", "news", "reports", "cyber threats", "learn", "genesis market", "trend micro", "google colab", "ev code", "trend vision", "ot security", "managed xdr", "alliance", "vision one", "stop", "protect", "attack", "april", "sector", "hybrid", "small", "carriers", "code", "date", "lu0bot", "possible", "stealc", "vidar", "beware", "lumma stealer", "find", "indonesia", "disease vector", "return", "signing", "compromise", "files detection", "urls" ], "references": [ "https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/k/attack-signals-possible-return-of-genesis-market/iocs-attack-signals-possible-return-of-genesis-market.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "Lu0Bot", "display_name": "Lu0Bot", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 2, "FileHash-SHA1": 5, "FileHash-SHA256": 6, "URL": 9, "domain": 5, "hostname": 2 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655ddb0bc2349ededf22684e", "name": "Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing", "description": "", "modified": "2023-12-22T10:01:15.852000", "created": "2023-11-22T10:42:19.757000", "tags": [ "malware", "endpoints", "research", "phishing", "articles", "news", "reports", "cyber threats", "learn", "genesis market", "trend micro", "google colab", "ev code", "trend vision", "ot security", "managed xdr", "alliance", "vision one", "stop", "protect", "attack", "april", "sector", "hybrid", "small", "carriers", "code", "date", "lu0bot", "possible", "stealc", "vidar", "beware", "lumma stealer", "find", "indonesia", "disease vector", "return", "signing", "compromise", "files detection", "urls" ], "references": [ "https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/k/attack-signals-possible-return-of-genesis-market/iocs-attack-signals-possible-return-of-genesis-market.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ghitansilviu@gmail.com", "id": "177478", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 2, "FileHash-SHA1": 5, "FileHash-SHA256": 6, "URL": 7, "domain": 5, "hostname": 2 }, "indicator_count": 28, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "891 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "node.lib", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "node.lib", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780282350.7101662 }