{ "type": "Domain", "indicator": "obpproject.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/obpproject.com", "alexa": "http://www.alexa.com/siteinfo/obpproject.com", "indicator": "obpproject.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3616518254, "indicator": "obpproject.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "63c9c63be40dedd057f95de4", "name": "Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner", "description": "Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results. At least one prominent user on the cryptocurrency scene has fallen victim to the campaign, claiming it allowed hacker hackers steal all their digital crypto assets along with control over their professional and personal accounts.", "modified": "2023-01-19T22:42:01.347000", "created": "2023-01-19T22:37:46.319000", "tags": [ "google search", "google ad", "malvertising", "sponsored ad" ], "references": [ "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds", "https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1456", "name": "Drive-by Compromise", "display_name": "T1456 - Drive-by Compromise" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 402, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 68 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 377552, "modified_text": "1185 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6510a2dd9c7acab85a26f978", "name": "Phishing sites 2023-09-24", "description": "https://github.com/olbat/ut1-blacklists/blob/master/blacklists/phishing/domains", "modified": "2023-10-24T20:02:37.137000", "created": "2023-09-24T20:58:05.025000", "tags": [ "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "France" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "URL": 5, "domain": 37579, "hostname": 3238 }, "indicator_count": 40832, "is_author": false, "is_subscribing": null, "subscriber_count": 190, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63d1c2bfb4e3d744e09c1810", "name": "Twitter Feed - Malwar3Ninja - 25-01-2023", "description": "", "modified": "2023-01-26T00:01:03.722000", "created": "2023-01-26T00:01:03.722000", "tags": [ "malware", "RedLine" ], "references": [ "https://twitter.com/Malwar3Ninja/status/1618279742041640960", "https://twitter.com/Malwar3Ninja/status/1618292890664566784", "https://twitter.com/Malwar3Ninja/status/1618312176967766017" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 12 }, "indicator_count": 12, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1179 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63d11b7a1dc1bbe06d93aab3", "name": "Hackers push malware via Google search ads", "description": "A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks.DEV-0569 is an initial access broker that uses its malware distribution system to breach corporate networks. They use this access in their own attacks or sell it to other malicious actors, such as the Royal ransomware gang. When the malware is installed, it will run a PowerShell script that downloads and executes a DLL from the website download-cdn.com, which TA505 previously used.", "modified": "2023-01-25T12:09:53.184000", "created": "2023-01-25T12:07:22.197000", "tags": [ "vidar", "redline", "pihole", "google search", "alex", "google ads", "blender", "google ad", "rufus", "winrar", "redline stealer" ], "references": [ "https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/", "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "PiHole", "display_name": "PiHole", "target": null }, { "id": "Rhadamanthys", "display_name": "Rhadamanthys", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null } ], "attack_ids": [ { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "domain": 68 }, "indicator_count": 69, "is_author": false, "is_subscribing": null, "subscriber_count": 214, "modified_text": "1180 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c906464587f00957631c57", "name": "Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner and more", "description": "Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results.", "modified": "2023-01-19T08:58:46.062000", "created": "2023-01-19T08:58:46.062000", "tags": [], "references": [ "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds", "https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 848, "modified_text": "1186 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c8f5b8bad90f1af902bee0", "name": "WASOC Cyber Security Advisory 20230119001 - SEO Poisoning Resurgence", "description": "The WA SOC has observed a resurgence in SEO Poisoning campaigns.\nhttps://wagov.github.io/wasocshared/?msdynttrid=XZhpy5MVfCU6PsjlCm14yuI6NvgFdva4H-EXjbwpGMw#/advisories/20230119001-SEO-Poisoning-Resurgence", "modified": "2023-01-19T07:51:05.649000", "created": "2023-01-19T07:48:08.108000", "tags": [ "SEO Poisoning" ], "references": [ "https://www.cronup.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "healeywap", "id": "217398", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 34, "modified_text": "1186 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c7d76533d7c77061b90f9e", "name": "Hackers distribute info-stealing malware through Google ads", "description": "Facebook, Twitter, Facebook, Instagram, YouTube and YouTube are all part of the BBC World News website, which aims to bring you the best news, entertainment and technology from the world of technology.", "modified": "2023-01-18T11:26:29.954000", "created": "2023-01-18T11:26:29.954000", "tags": [], "references": [ "IoC - Hackers distribute info-stealing malware through Google ads.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 68 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 486, "modified_text": "1187 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c75caee123f941de69ceec", "name": "Hackers turn to Google search ads to push info-stealing malware", "description": "Google ads used to promote malicious downloads. Threat actors register many typosquatted domains for over two dozen brands to mislead users.", "modified": "2023-01-18T02:42:54.683000", "created": "2023-01-18T02:42:54.683000", "tags": [ "Google Ads Abuse", "Typosquatted Domains" ], "references": [ "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds", "https://www.bleepingcomputer.com/anews/security/hackers-turn-to-google-search-ads-to-push-info-stealing-malware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "goatluxy", "id": "207695", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1187 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/Malwar3Ninja/status/1618312176967766017", "https://www.cronup.com/", "https://twitter.com/Malwar3Ninja/status/1618279742041640960", "https://www.bleepingcomputer.com/anews/security/hackers-turn-to-google-search-ads-to-push-info-stealing-malware/", "IoC - Hackers distribute info-stealing malware through Google ads.txt", "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds", "https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/", "https://twitter.com/Malwar3Ninja/status/1618292890664566784" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Rhadamanthys", "Redline", "Pihole", "Vidar" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "63c9c63be40dedd057f95de4", "name": "Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner", "description": "Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results. At least one prominent user on the cryptocurrency scene has fallen victim to the campaign, claiming it allowed hacker hackers steal all their digital crypto assets along with control over their professional and personal accounts.", "modified": "2023-01-19T22:42:01.347000", "created": "2023-01-19T22:37:46.319000", "tags": [ "google search", "google ad", "malvertising", "sponsored ad" ], "references": [ "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds", "https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1456", "name": "Drive-by Compromise", "display_name": "T1456 - Drive-by Compromise" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 402, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 68 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 377552, "modified_text": "1185 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6510a2dd9c7acab85a26f978", "name": "Phishing sites 2023-09-24", "description": "https://github.com/olbat/ut1-blacklists/blob/master/blacklists/phishing/domains", "modified": "2023-10-24T20:02:37.137000", "created": "2023-09-24T20:58:05.025000", "tags": [ "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "France" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "URL": 5, "domain": 37579, "hostname": 3238 }, "indicator_count": 40832, "is_author": false, "is_subscribing": null, "subscriber_count": 190, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63d1c2bfb4e3d744e09c1810", "name": "Twitter Feed - Malwar3Ninja - 25-01-2023", "description": "", "modified": "2023-01-26T00:01:03.722000", "created": "2023-01-26T00:01:03.722000", "tags": [ "malware", "RedLine" ], "references": [ "https://twitter.com/Malwar3Ninja/status/1618279742041640960", "https://twitter.com/Malwar3Ninja/status/1618292890664566784", "https://twitter.com/Malwar3Ninja/status/1618312176967766017" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 12 }, "indicator_count": 12, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1179 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63d11b7a1dc1bbe06d93aab3", "name": "Hackers push malware via Google search ads", "description": "A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks.DEV-0569 is an initial access broker that uses its malware distribution system to breach corporate networks. They use this access in their own attacks or sell it to other malicious actors, such as the Royal ransomware gang. When the malware is installed, it will run a PowerShell script that downloads and executes a DLL from the website download-cdn.com, which TA505 previously used.", "modified": "2023-01-25T12:09:53.184000", "created": "2023-01-25T12:07:22.197000", "tags": [ "vidar", "redline", "pihole", "google search", "alex", "google ads", "blender", "google ad", "rufus", "winrar", "redline stealer" ], "references": [ "https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/", "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "PiHole", "display_name": "PiHole", "target": null }, { "id": "Rhadamanthys", "display_name": "Rhadamanthys", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null } ], "attack_ids": [ { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "domain": 68 }, "indicator_count": 69, "is_author": false, "is_subscribing": null, "subscriber_count": 214, "modified_text": "1180 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c906464587f00957631c57", "name": "Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner and more", "description": "Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results.", "modified": "2023-01-19T08:58:46.062000", "created": "2023-01-19T08:58:46.062000", "tags": [], "references": [ "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds", "https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 848, "modified_text": "1186 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c8f5b8bad90f1af902bee0", "name": "WASOC Cyber Security Advisory 20230119001 - SEO Poisoning Resurgence", "description": "The WA SOC has observed a resurgence in SEO Poisoning campaigns.\nhttps://wagov.github.io/wasocshared/?msdynttrid=XZhpy5MVfCU6PsjlCm14yuI6NvgFdva4H-EXjbwpGMw#/advisories/20230119001-SEO-Poisoning-Resurgence", "modified": "2023-01-19T07:51:05.649000", "created": "2023-01-19T07:48:08.108000", "tags": [ "SEO Poisoning" ], "references": [ "https://www.cronup.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "healeywap", "id": "217398", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 34, "modified_text": "1186 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c7d76533d7c77061b90f9e", "name": "Hackers distribute info-stealing malware through Google ads", "description": "Facebook, Twitter, Facebook, Instagram, YouTube and YouTube are all part of the BBC World News website, which aims to bring you the best news, entertainment and technology from the world of technology.", "modified": "2023-01-18T11:26:29.954000", "created": "2023-01-18T11:26:29.954000", "tags": [], "references": [ "IoC - Hackers distribute info-stealing malware through Google ads.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 68 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 486, "modified_text": "1187 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63c75caee123f941de69ceec", "name": "Hackers turn to Google search ads to push info-stealing malware", "description": "Google ads used to promote malicious downloads. Threat actors register many typosquatted domains for over two dozen brands to mislead users.", "modified": "2023-01-18T02:42:54.683000", "created": "2023-01-18T02:42:54.683000", "tags": [ "Google Ads Abuse", "Typosquatted Domains" ], "references": [ "https://raw.githubusercontent.com/CronUp/Malware-IOCs/main/2023-01-17_Arechclient2_GoogleAds", "https://www.bleepingcomputer.com/anews/security/hackers-turn-to-google-search-ads-to-push-info-stealing-malware/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "goatluxy", "id": "207695", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1187 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "obpproject.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "obpproject.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776629245.853771 }