{ "type": "Domain", "indicator": "od.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/od.com", "alexa": "http://www.alexa.com/siteinfo/od.com", "indicator": "od.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3881889298, "indicator": "od.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6630d3b0725bdc673c94adb6", "name": "Infoblox Discovers Multiyear Sophisticated Chinese DNS Operation | Infoblox", "description": "Infoblox offers a comprehensive overview of the company's products, products and services. 1.5bn worth of research, development and development in a range of categories, from cybersecurity to network security.\n\nNote that these domains are not indicators of compromise or necessarily malicious. Some of the domains used by Muddling Meerkat are parked, others host gambling sites and other possibly illegal content, and others are active legitimate domains. The full scope of Muddling Meerkat target domains is likely much larger.", "modified": "2024-05-30T11:01:36.258000", "created": "2024-04-30T11:19:12.108000", "tags": [ "january", "meerkat", "infoblox threat", "october", "strong", "september", "february", "june", "april", "march", "august", "service", "drip", "contact", "tools", "leverage", "speed", "protect", "recursive", "alex" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1499", "name": "Endpoint Denial of Service", "display_name": "T1499 - Endpoint Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 30, "hostname": 12 }, "indicator_count": 42, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "732 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66385bf4b2c92b3eec43c07b", "name": "Muddling Meerkat undertaking sophisticated DNS", "description": "", "modified": "2024-05-06T04:26:28.236000", "created": "2024-05-06T04:26:28.236000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 29 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "757 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6630d3b0725bdc673c94adb6", "name": "Infoblox Discovers Multiyear Sophisticated Chinese DNS Operation | Infoblox", "description": "Infoblox offers a comprehensive overview of the company's products, products and services. 1.5bn worth of research, development and development in a range of categories, from cybersecurity to network security.\n\nNote that these domains are not indicators of compromise or necessarily malicious. Some of the domains used by Muddling Meerkat are parked, others host gambling sites and other possibly illegal content, and others are active legitimate domains. The full scope of Muddling Meerkat target domains is likely much larger.", "modified": "2024-05-30T11:01:36.258000", "created": "2024-04-30T11:19:12.108000", "tags": [ "january", "meerkat", "infoblox threat", "october", "strong", "september", "february", "june", "april", "march", "august", "service", "drip", "contact", "tools", "leverage", "speed", "protect", "recursive", "alex" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1499", "name": "Endpoint Denial of Service", "display_name": "T1499 - Endpoint Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 30, "hostname": 12 }, "indicator_count": 42, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "732 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66385bf4b2c92b3eec43c07b", "name": "Muddling Meerkat undertaking sophisticated DNS", "description": "", "modified": "2024-05-06T04:26:28.236000", "created": "2024-05-06T04:26:28.236000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 29 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "757 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "od.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "od.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780389287.059592 }