{ "type": "Domain", "indicator": "paradise-plaza.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/paradise-plaza.com", "alexa": "http://www.alexa.com/siteinfo/paradise-plaza.com", "indicator": "paradise-plaza.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 749, "indicator": "paradise-plaza.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "5a16a16d3477580fcf4e359a", "name": "The Carbanak Fin7 Syndicate", "description": "The criminal gangs of the Carbanak/FIN7 syndicate have been attributed to\nnumerous intrusions in the banking, hospitality, retail and other industrial\nverticals, collecting financial information of all kinds. The name Carbanak\ncomes from \u201cCarberp,\u201d a banking Trojan whose source code was leaked, and\nAnunak, a custom Trojan that has evolved over the years. Since at least 2015,\nthe group appears to have fragmented into smaller, loosely related groups,\neach with its own preferred toolsets and Trojans, although many similarities\nin tactics, techniques and procedures (TTPs) exist.", "modified": "2018-01-08T14:46:47.339000", "created": "2017-11-23T10:22:37.574000", "tags": [ "carbanak", "fin7", "anunak" ], "references": [ "https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf" ], "public": 1, "adversary": "Anunak", "targeted_countries": [ "United States", "Russian Federation" ], "malware_families": [], "attack_ids": [], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 95, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 375, "FileHash-SHA256": 110, "YARA": 4, "domain": 76, "hostname": 16, "FileHash-MD5": 89, "FileHash-SHA1": 68, "CVE": 1 }, "indicator_count": 739, "is_author": false, "is_subscribing": null, "subscriber_count": 386625, "modified_text": "3064 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "54e7610d13432a12badec7e5", "name": "Carbanak", "description": "", "modified": "2017-08-30T17:33:50.546000", "created": "2015-02-20T16:30:05.470000", "tags": [], "references": [ "http://securelist.com/files/2015/02/Carbanak_APT_eng.pdf" ], "public": 1, "adversary": "Anunak", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "", "export_count": 116, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 30, "URL": 1, "FileHash-MD5": 116 }, "indicator_count": 147, "is_author": false, "is_subscribing": null, "subscriber_count": 386574, "modified_text": "3195 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5497da5d11d4080471a1a37e", "name": "Anunak: APT against financial institutions", "description": "", "modified": "2017-08-23T13:58:40.023000", "created": "2014-12-22T08:46:21.083000", "tags": [], "references": [ "pasted_text" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "", "export_count": 72, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 19, "URL": 3, "FileHash-MD5": 28, "CVE": 2 }, "indicator_count": 52, "is_author": false, "is_subscribing": null, "subscriber_count": 386676, "modified_text": "3202 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf", "pasted_text", "http://securelist.com/files/2015/02/Carbanak_APT_eng.pdf" ], "related": { "alienvault": { "adversary": [ "Anunak" ], "malware_families": [], "industries": [ "Finance" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "5a16a16d3477580fcf4e359a", "name": "The Carbanak Fin7 Syndicate", "description": "The criminal gangs of the Carbanak/FIN7 syndicate have been attributed to\nnumerous intrusions in the banking, hospitality, retail and other industrial\nverticals, collecting financial information of all kinds. The name Carbanak\ncomes from \u201cCarberp,\u201d a banking Trojan whose source code was leaked, and\nAnunak, a custom Trojan that has evolved over the years. Since at least 2015,\nthe group appears to have fragmented into smaller, loosely related groups,\neach with its own preferred toolsets and Trojans, although many similarities\nin tactics, techniques and procedures (TTPs) exist.", "modified": "2018-01-08T14:46:47.339000", "created": "2017-11-23T10:22:37.574000", "tags": [ "carbanak", "fin7", "anunak" ], "references": [ "https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf" ], "public": 1, "adversary": "Anunak", "targeted_countries": [ "United States", "Russian Federation" ], "malware_families": [], "attack_ids": [], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 95, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 375, "FileHash-SHA256": 110, "YARA": 4, "domain": 76, "hostname": 16, "FileHash-MD5": 89, "FileHash-SHA1": 68, "CVE": 1 }, "indicator_count": 739, "is_author": false, "is_subscribing": null, "subscriber_count": 386625, "modified_text": "3064 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "54e7610d13432a12badec7e5", "name": "Carbanak", "description": "", "modified": "2017-08-30T17:33:50.546000", "created": "2015-02-20T16:30:05.470000", "tags": [], "references": [ "http://securelist.com/files/2015/02/Carbanak_APT_eng.pdf" ], "public": 1, "adversary": "Anunak", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "", "export_count": 116, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 30, "URL": 1, "FileHash-MD5": 116 }, "indicator_count": 147, "is_author": false, "is_subscribing": null, "subscriber_count": 386574, "modified_text": "3195 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5497da5d11d4080471a1a37e", "name": "Anunak: APT against financial institutions", "description": "", "modified": "2017-08-23T13:58:40.023000", "created": "2014-12-22T08:46:21.083000", "tags": [], "references": [ "pasted_text" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "", "export_count": 72, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 19, "URL": 3, "FileHash-MD5": 28, "CVE": 2 }, "indicator_count": 52, "is_author": false, "is_subscribing": null, "subscriber_count": 386676, "modified_text": "3202 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "paradise-plaza.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "paradise-plaza.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780223253.9555178 }