{
  "type": "Domain",
  "indicator": "outlookde.live",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/outlookde.live",
    "alexa": "http://www.alexa.com/siteinfo/outlookde.live",
    "indicator": "outlookde.live",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3419089180,
      "indicator": "outlookde.live",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "624f0d6039be61f29b5f463c",
          "name": "Adversarial Threat Report - April 2022",
          "description": "Cyber espionage actors typically target people across the internet to collect intelligence, manipulate them into revealing information, and compromise their devices and accounts. Researchers identified a group of hackers from Iran, known in the security industry as UNC788, that targeted people in the Middle East, including Saudi military, dissidents and human rights activists from Israel and Iran, politicians in the US, and Iran-focused academics, activists and journalists around the world.",
          "modified": "2022-04-07T16:12:15.720000",
          "created": "2022-04-07T16:12:15.720000",
          "tags": [
            "HilalRAT",
            "Meta",
            "Facebook",
            "NGOs",
            "Geopolitical conflict",
            "UNC788",
            "VMware"
          ],
          "references": [
            "https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf"
          ],
          "public": 1,
          "adversary": "UNC788",
          "targeted_countries": [
            "United States of America",
            "Canada",
            "Germany",
            "United Arab Emirates",
            "Norway",
            "Iceland",
            "Israel",
            "India",
            "Azerbaijan",
            "Saudi Arabia",
            "Brazil",
            "Ukraine",
            "Nigeria",
            "Cameroon",
            "Gambia",
            "Zimbabwe",
            "Congo"
          ],
          "malware_families": [
            {
              "id": "HilalRAT",
              "display_name": "HilalRAT",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1017",
              "name": "Application Deployment Software",
              "display_name": "T1017 - Application Deployment Software"
            },
            {
              "id": "T1498",
              "name": "Network Denial of Service",
              "display_name": "T1498 - Network Denial of Service"
            },
            {
              "id": "T1499",
              "name": "Endpoint Denial of Service",
              "display_name": "T1499 - Endpoint Denial of Service"
            },
            {
              "id": "T1192",
              "name": "Spearphishing Link",
              "display_name": "T1192 - Spearphishing Link"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1021",
              "name": "Remote Services",
              "display_name": "T1021 - Remote Services"
            },
            {
              "id": "T1081",
              "name": "Credentials in Files",
              "display_name": "T1081 - Credentials in Files"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            }
          ],
          "industries": [
            "Energy",
            "Finance",
            "Government",
            "NGO"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 292,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 7,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 1,
            "URL": 3,
            "domain": 57,
            "hostname": 10
          },
          "indicator_count": 79,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386555,
          "modified_text": "1515 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "63d7a3b4d313f9bc61f5e2df",
          "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers",
          "description": "",
          "modified": "2023-01-30T11:02:12.246000",
          "created": "2023-01-30T11:02:12.246000",
          "tags": [],
          "references": [
            "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf",
            "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html",
            "https://twitter.com/CyberAmyHB/status/1532398956918890500"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "629f09efc654decd2834e4d9",
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Tr1sa111",
            "id": "192483",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 41
          },
          "indicator_count": 41,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 276,
          "modified_text": "1217 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "629f09efc654decd2834e4d9",
          "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers",
          "description": "",
          "modified": "2022-06-07T08:18:55.253000",
          "created": "2022-06-07T08:18:55.253000",
          "tags": [],
          "references": [
            "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf",
            "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html",
            "https://twitter.com/CyberAmyHB/status/1532398956918890500"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "629df6517d7445e4719ddca8",
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 41
          },
          "indicator_count": 41,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 862,
          "modified_text": "1454 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "629df6517d7445e4719ddca8",
          "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers",
          "description": "To halt the malicious activities of Bohrium, Microsoft said it took down 41 \".com,\" \".info,\" \".live,\" \".me,\" \".net,\" \".org,\" and \".xyz\" domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign.",
          "modified": "2022-06-06T12:42:57.024000",
          "created": "2022-06-06T12:42:57.024000",
          "tags": [],
          "references": [
            "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf",
            "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html",
            "https://twitter.com/CyberAmyHB/status/1532398956918890500"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "bluewatcher",
            "id": "174522",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 41
          },
          "indicator_count": 41,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 111,
          "modified_text": "1455 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6299dc25ec4abd68c8f8b165",
          "name": "Microsoft Digital Crimes Unit takes down BOHRIUM (Iranian APT) domains",
          "description": "Bohrium specializes in spearphishing operations which are designed to steal user credentials and other sensitive information from computers connected to the Internet by infecting the targeted computers with malicious software (\u201cmalware\u201d). The precise identities and locations of those behind the Bohrium activity are generally unknown but have been linked by many in the security community to an Iranian group or groups.",
          "modified": "2022-06-03T10:02:13.138000",
          "created": "2022-06-03T10:02:13.138000",
          "tags": [],
          "references": [
            "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Appendix%20A%20-%20Domains.pdf",
            "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Complaint.pdf",
            "https://noticeofpleadings.com/bohrium/",
            "https://twitter.com/CyberAmyHB/status/1532398956918890500?s=20&t=n199vileVN6Ft2pyYt0KUw"
          ],
          "public": 1,
          "adversary": "BOHRIUM",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "BushidoToken",
            "id": "110921",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110921/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 41
          },
          "indicator_count": 41,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 177,
          "modified_text": "1458 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6260576f481e853fdedd5b2c",
          "name": "TA455 from Iran",
          "description": "Facebook/Meta took action against a previously unreported hacking group from Iran that targeted or spoofed companies in multiple industries around the world. This included energy companies in Saudi Arabia, Canada, Italy, and Russia; the information technology industry in India and United Arab Emirates; the maritime logistics industry in UAE, Iceland, Norway, Saudi Arabia, US, Israel, and India; telecommunications companies in Saudi Arabia and UAE; and the semiconductor industry in Israel, US, and Germany. This group used similar TTPs to another threat actor dubbed Tortoiseshell that we reported on last year, but in this case we saw different targeting, technical infrastructure, and distinct malware.",
          "modified": "2022-04-20T18:56:47.303000",
          "created": "2022-04-20T18:56:47.303000",
          "tags": [
            "domains"
          ],
          "references": [
            "https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf",
            "https://twitter.com/ChicagoCyber/status/1512084888127561738"
          ],
          "public": 1,
          "adversary": "TA455",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 167,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "343GuiltySpark",
            "id": "91492",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91492/resized/80/avatar_b7653559df.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 6,
            "domain": 48
          },
          "indicator_count": 54,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 559,
          "modified_text": "1501 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://noticeofpleadings.com/bohrium/",
        "https://twitter.com/CyberAmyHB/status/1532398956918890500",
        "https://twitter.com/CyberAmyHB/status/1532398956918890500?s=20&t=n199vileVN6Ft2pyYt0KUw",
        "https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf",
        "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Complaint.pdf",
        "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html",
        "https://twitter.com/ChicagoCyber/status/1512084888127561738",
        "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf",
        "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Appendix%20A%20-%20Domains.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "UNC788"
          ],
          "malware_families": [
            "Hilalrat"
          ],
          "industries": [
            "Finance",
            "Ngo",
            "Government",
            "Energy"
          ]
        },
        "other": {
          "adversary": [
            "BOHRIUM",
            "TA455"
          ],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "624f0d6039be61f29b5f463c",
      "name": "Adversarial Threat Report - April 2022",
      "description": "Cyber espionage actors typically target people across the internet to collect intelligence, manipulate them into revealing information, and compromise their devices and accounts. Researchers identified a group of hackers from Iran, known in the security industry as UNC788, that targeted people in the Middle East, including Saudi military, dissidents and human rights activists from Israel and Iran, politicians in the US, and Iran-focused academics, activists and journalists around the world.",
      "modified": "2022-04-07T16:12:15.720000",
      "created": "2022-04-07T16:12:15.720000",
      "tags": [
        "HilalRAT",
        "Meta",
        "Facebook",
        "NGOs",
        "Geopolitical conflict",
        "UNC788",
        "VMware"
      ],
      "references": [
        "https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf"
      ],
      "public": 1,
      "adversary": "UNC788",
      "targeted_countries": [
        "United States of America",
        "Canada",
        "Germany",
        "United Arab Emirates",
        "Norway",
        "Iceland",
        "Israel",
        "India",
        "Azerbaijan",
        "Saudi Arabia",
        "Brazil",
        "Ukraine",
        "Nigeria",
        "Cameroon",
        "Gambia",
        "Zimbabwe",
        "Congo"
      ],
      "malware_families": [
        {
          "id": "HilalRAT",
          "display_name": "HilalRAT",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1017",
          "name": "Application Deployment Software",
          "display_name": "T1017 - Application Deployment Software"
        },
        {
          "id": "T1498",
          "name": "Network Denial of Service",
          "display_name": "T1498 - Network Denial of Service"
        },
        {
          "id": "T1499",
          "name": "Endpoint Denial of Service",
          "display_name": "T1499 - Endpoint Denial of Service"
        },
        {
          "id": "T1192",
          "name": "Spearphishing Link",
          "display_name": "T1192 - Spearphishing Link"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1021",
          "name": "Remote Services",
          "display_name": "T1021 - Remote Services"
        },
        {
          "id": "T1081",
          "name": "Credentials in Files",
          "display_name": "T1081 - Credentials in Files"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        }
      ],
      "industries": [
        "Energy",
        "Finance",
        "Government",
        "NGO"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 292,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 7,
        "FileHash-SHA1": 1,
        "FileHash-SHA256": 1,
        "URL": 3,
        "domain": 57,
        "hostname": 10
      },
      "indicator_count": 79,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386555,
      "modified_text": "1515 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "63d7a3b4d313f9bc61f5e2df",
      "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers",
      "description": "",
      "modified": "2023-01-30T11:02:12.246000",
      "created": "2023-01-30T11:02:12.246000",
      "tags": [],
      "references": [
        "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf",
        "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html",
        "https://twitter.com/CyberAmyHB/status/1532398956918890500"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "629f09efc654decd2834e4d9",
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Tr1sa111",
        "id": "192483",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 41
      },
      "indicator_count": 41,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 276,
      "modified_text": "1217 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "629f09efc654decd2834e4d9",
      "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers",
      "description": "",
      "modified": "2022-06-07T08:18:55.253000",
      "created": "2022-06-07T08:18:55.253000",
      "tags": [],
      "references": [
        "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf",
        "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html",
        "https://twitter.com/CyberAmyHB/status/1532398956918890500"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "629df6517d7445e4719ddca8",
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 41
      },
      "indicator_count": 41,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 862,
      "modified_text": "1454 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "629df6517d7445e4719ddca8",
      "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers",
      "description": "To halt the malicious activities of Bohrium, Microsoft said it took down 41 \".com,\" \".info,\" \".live,\" \".me,\" \".net,\" \".org,\" and \".xyz\" domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign.",
      "modified": "2022-06-06T12:42:57.024000",
      "created": "2022-06-06T12:42:57.024000",
      "tags": [],
      "references": [
        "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf",
        "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html",
        "https://twitter.com/CyberAmyHB/status/1532398956918890500"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "bluewatcher",
        "id": "174522",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 41
      },
      "indicator_count": 41,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 111,
      "modified_text": "1455 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6299dc25ec4abd68c8f8b165",
      "name": "Microsoft Digital Crimes Unit takes down BOHRIUM (Iranian APT) domains",
      "description": "Bohrium specializes in spearphishing operations which are designed to steal user credentials and other sensitive information from computers connected to the Internet by infecting the targeted computers with malicious software (\u201cmalware\u201d). The precise identities and locations of those behind the Bohrium activity are generally unknown but have been linked by many in the security community to an Iranian group or groups.",
      "modified": "2022-06-03T10:02:13.138000",
      "created": "2022-06-03T10:02:13.138000",
      "tags": [],
      "references": [
        "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Appendix%20A%20-%20Domains.pdf",
        "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Complaint.pdf",
        "https://noticeofpleadings.com/bohrium/",
        "https://twitter.com/CyberAmyHB/status/1532398956918890500?s=20&t=n199vileVN6Ft2pyYt0KUw"
      ],
      "public": 1,
      "adversary": "BOHRIUM",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "BushidoToken",
        "id": "110921",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110921/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 41
      },
      "indicator_count": 41,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 177,
      "modified_text": "1458 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6260576f481e853fdedd5b2c",
      "name": "TA455 from Iran",
      "description": "Facebook/Meta took action against a previously unreported hacking group from Iran that targeted or spoofed companies in multiple industries around the world. This included energy companies in Saudi Arabia, Canada, Italy, and Russia; the information technology industry in India and United Arab Emirates; the maritime logistics industry in UAE, Iceland, Norway, Saudi Arabia, US, Israel, and India; telecommunications companies in Saudi Arabia and UAE; and the semiconductor industry in Israel, US, and Germany. This group used similar TTPs to another threat actor dubbed Tortoiseshell that we reported on last year, but in this case we saw different targeting, technical infrastructure, and distinct malware.",
      "modified": "2022-04-20T18:56:47.303000",
      "created": "2022-04-20T18:56:47.303000",
      "tags": [
        "domains"
      ],
      "references": [
        "https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf",
        "https://twitter.com/ChicagoCyber/status/1512084888127561738"
      ],
      "public": 1,
      "adversary": "TA455",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 167,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "343GuiltySpark",
        "id": "91492",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91492/resized/80/avatar_b7653559df.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 6,
        "domain": 48
      },
      "indicator_count": 54,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 559,
      "modified_text": "1501 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "outlookde.live",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "outlookde.live",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780246935.7141747
}