{ "type": "Domain", "indicator": "parachut.ru", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/parachut.ru", "alexa": "http://www.alexa.com/siteinfo/parachut.ru", "indicator": "parachut.ru", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3918564567, "indicator": "parachut.ru", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "668d0676b602804cf4cde668", "name": "Malevolent Tracking | Hunting", "description": "File.exe found in walmarttmobile.cn", "modified": "2024-08-08T09:04:01.437000", "created": "2024-07-09T09:44:22.875000", "tags": [ "pe32", "intel", "ms windows", "windows screen", "win32 dynamic", "link library", "win16 ne", "icons library", "pe32 compiler", "ltcgc", "info compiler", "products", "windows server", "sp1 ddk", "vs2008", "vs2010", "header intel", "name md5", "overlay", "alibaba cloud", "hichina", "urls", "ip detections", "country", "enumerate", "run keys", "startup", "get session", "get disk", "windows get", "mitre att", "ta0002 shared", "modules t1129", "link function", "malware", "catalog tree", "analysis ob0001", "evasion b0003", "analysis ob0002", "control ob0004", "b0030 send", "receive data", "evasion ob0006", "ob0007 system", "e1082 file", "request", "accept", "msie", "windows nt", "wow64", "slcc2", "media center", "post http", "contentlength", "http requests", "localappdata", "hashes", "file system", "appdata", "inetfiles", "system32", "signals mutexes", "mutexes", "mutex", "processes", "tree", "process", "created", "processes tree", "threat roundup", "referrer", "june", "october", "apple ios", "tracking", "july", "december", "pyinstaller", "apple", "hacktool", "skynet", "plugx", "ermac", "cryptbot", "anubis", "tsara", "tsara brashears", "get", "apple private", "data collection", "teams", "win32", "search", "record value", "date", "entries", "gmt server", "certificate", "scan endpoints", "all scoreblue", "hostname", "trojan" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Vtflooder-6725383-1", "display_name": "Win.Malware.Vtflooder-6725383-1", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 469, "FileHash-MD5": 26, "FileHash-SHA1": 18, "URL": 74, "domain": 129, "hostname": 124, "email": 1 }, "indicator_count": 841, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "620 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Win.malware.vtflooder-6725383-1" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "668d0676b602804cf4cde668", "name": "Malevolent Tracking | Hunting", "description": "File.exe found in walmarttmobile.cn", "modified": "2024-08-08T09:04:01.437000", "created": "2024-07-09T09:44:22.875000", "tags": [ "pe32", "intel", "ms windows", "windows screen", "win32 dynamic", "link library", "win16 ne", "icons library", "pe32 compiler", "ltcgc", "info compiler", "products", "windows server", "sp1 ddk", "vs2008", "vs2010", "header intel", "name md5", "overlay", "alibaba cloud", "hichina", "urls", "ip detections", "country", "enumerate", "run keys", "startup", "get session", "get disk", "windows get", "mitre att", "ta0002 shared", "modules t1129", "link function", "malware", "catalog tree", "analysis ob0001", "evasion b0003", "analysis ob0002", "control ob0004", "b0030 send", "receive data", "evasion ob0006", "ob0007 system", "e1082 file", "request", "accept", "msie", "windows nt", "wow64", "slcc2", "media center", "post http", "contentlength", "http requests", "localappdata", "hashes", "file system", "appdata", "inetfiles", "system32", "signals mutexes", "mutexes", "mutex", "processes", "tree", "process", "created", "processes tree", "threat roundup", "referrer", "june", "october", "apple ios", "tracking", "july", "december", "pyinstaller", "apple", "hacktool", "skynet", "plugx", "ermac", "cryptbot", "anubis", "tsara", "tsara brashears", "get", "apple private", "data collection", "teams", "win32", "search", "record value", "date", "entries", "gmt server", "certificate", "scan endpoints", "all scoreblue", "hostname", "trojan" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Vtflooder-6725383-1", "display_name": "Win.Malware.Vtflooder-6725383-1", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1135", "name": "Network Share Discovery", "display_name": "T1135 - Network Share Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 469, "FileHash-MD5": 26, "FileHash-SHA1": 18, "URL": 74, "domain": 129, "hostname": 124, "email": 1 }, "indicator_count": 841, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "620 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "parachut.ru", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "parachut.ru", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776723782.2928255 }