{ "type": "Domain", "indicator": "parapas.ru", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/parapas.ru", "alexa": "http://www.alexa.com/siteinfo/parapas.ru", "indicator": "parapas.ru", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3482756905, "indicator": "parapas.ru", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 12, "pulses": [ { "id": "63a23e0f836cbe86e53b447b", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "As the conflict has continued on the ground and in cyberspace, Trident Ursa has been operating as a dedicated access creator and intelligence gatherer. Trident Ursa remains one of the most pervasive, intrusive, continuously active and focused APTs targeting Ukraine.", "modified": "2023-01-19T22:04:44.402000", "created": "2022-12-20T22:58:23.105000", "tags": [ "ukraine", "russia", "trident ursa", "gamaredon", "dns flux", "phishing", "maldocs", "apt" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "Trident Ursa", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 502, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 84, "FileHash-SHA1": 86, "FileHash-SHA256": 229, "URL": 3, "domain": 555, "hostname": 7 }, "indicator_count": 964, "is_author": false, "is_subscribing": null, "subscriber_count": 386492, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66d90549c1c51747a7e34358", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine (by AlienVault) enriched", "description": "", "modified": "2024-09-05T01:11:35.635000", "created": "2024-09-05T01:11:35.635000", "tags": [], "references": [ "63a23e0f836cbe86e53b447b.csv", "https://unit42.paloaltonetworks.com/trident-ursa/" ], "public": 1, "adversary": "Trident Ursa", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 152, "FileHash-SHA1": 153, "FileHash-SHA256": 238, "URL": 2890, "domain": 557, "hostname": 1230 }, "indicator_count": 5220, "is_author": false, "is_subscribing": null, "subscriber_count": 185, "modified_text": "633 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a40a100ba18d2e54d9183d", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "RMPAC7/202 2/002 /1163 Data 21/12/2022 Gamaredon Group: continuano le operazioni cibernetiche dopo l\u2019invasione dell\u2019Ucraina", "modified": "2023-01-21T07:03:04.851000", "created": "2022-12-22T07:41:04.705000", "tags": [ "Gamaredon Group" ], "references": [ "2656787.misp-json", "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt", "https://t.me/s/chabgei", "https://t.me/s/chanellsac", "https://t.me/s/chanelwer", "https://t.me/s/digitli", "https://t.me/s/dracarc", "https://t.me/s/lnk_44", "https://t.me/s/lnk153", "https://t.me/s/newtesta1", "https://t.me/s/templ36", "https://t.me/s/topnewsas", "https://t.me/s/toporsa", "https://t.me/s/vozmoz2", "https://t.me/s/vzloms", "https://t.me/s/vzloms_9", "https://t.me/s/zalup2", "https://t.me/s/zapula2", "https://t.me/vbs_run14" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otx_support", "id": "26678", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 32, "domain": 553, "FileHash-SHA256": 221, "FileHash-MD5": 40, "FileHash-SHA1": 40 }, "indicator_count": 886, "is_author": false, "is_subscribing": null, "subscriber_count": 210, "modified_text": "1225 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63be858391c37e13461193a9", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "", "modified": "2023-01-21T07:03:04.851000", "created": "2023-01-11T09:46:43.811000", "tags": [ "Trident Ursa", "Gamaredon" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt", "" ], "public": 1, "adversary": "", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": "63a40a100ba18d2e54d9183d", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rlawlgh827", "id": "208771", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 32, "domain": 553, "FileHash-SHA256": 241, "FileHash-MD5": 40, "FileHash-SHA1": 40, "URL": 17 }, "indicator_count": 923, "is_author": false, "is_subscribing": null, "subscriber_count": 37, "modified_text": "1225 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a2cca0231f4704fb04c1c8", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "As the conflict has continued on the ground and in cyberspace, Trident Ursa has been operating as a dedicated access creator and intelligence gatherer. Trident Ursa remains one of the most pervasive, intrusive, continuously active and focused APTs targeting Ukraine.", "modified": "2023-01-20T09:00:00.250000", "created": "2022-12-21T09:06:40.834000", "tags": [ "domain", "ip address", "sample", "url https", "Gamaredon" ], "references": [ "https://raw.githubusercontent.com/pan-unit42/iocs/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 32, "URL": 17, "FileHash-MD5": 96, "FileHash-SHA1": 96, "FileHash-SHA256": 241, "domain": 564 }, "indicator_count": 1046, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a2aa8a89150b046cc1e835", "name": "Russia\u2019s Trident Ursa ( Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "", "modified": "2023-01-19T22:04:44.402000", "created": "2022-12-21T06:41:14.278000", "tags": [ "ukraine", "russia", "trident ursa", "gamaredon", "dns flux", "phishing", "maldocs", "apt" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "Trident Ursa", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" } ], "industries": [], "TLP": "white", "cloned_from": "63a23e0f836cbe86e53b447b", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 84, "FileHash-SHA1": 86, "FileHash-SHA256": 229, "URL": 3, "domain": 555, "hostname": 7 }, "indicator_count": 964, "is_author": false, "is_subscribing": null, "subscriber_count": 188, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a2d2a332d80ccb63f9ad94", "name": "Russia\u2019s Trident Ursa ( Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "", "modified": "2023-01-19T22:04:44.402000", "created": "2022-12-21T09:32:19.584000", "tags": [ "ukraine", "russia", "trident ursa", "gamaredon", "dns flux", "phishing", "maldocs", "apt" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "Trident Ursa", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" } ], "industries": [], "TLP": "white", "cloned_from": "63a2aa8a89150b046cc1e835", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 84, "FileHash-SHA1": 86, "FileHash-SHA256": 229, "URL": 3, "domain": 555, "hostname": 7 }, "indicator_count": 964, "is_author": false, "is_subscribing": null, "subscriber_count": 279, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a1d1716eb178021b496cf5", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "Unit 42, a Palo Alto Networks cybersecurity research team, provides an update on Russia's advanced persistent threat (APT) group, Trident Ursa, which invaded Ukraine in February 2014 and continues to operate in cyberspace.", "modified": "2023-01-19T15:03:30.493000", "created": "2022-12-20T15:14:57.164000", "tags": [ "threatactor/gamaredon", "threatactor/tridentursa", "threatactor.primitivebear", "threatactor/actinium" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/#post-126209-_dyzu0g9z3zwx", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "Gamaredon", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "Shadow Chaser", "display_name": "Shadow Chaser", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eric.ford", "id": "42510", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 101, "FileHash-SHA1": 102, "FileHash-SHA256": 255, "URL": 4, "domain": 578, "hostname": 7 }, "indicator_count": 1047, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62c7fb0f8ab654b1c8ebb621", "name": "jintingtingtesttest", "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-", "modified": "2022-08-07T00:05:43.824000", "created": "2022-07-08T09:38:23.587000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jtt12345", "id": "194112", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4268, "URL": 101, "FileHash-MD5": 13, "FileHash-SHA256": 1, "domain": 283 }, "indicator_count": 4666, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "1393 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62c7fb0ff1ead7d85fad5e43", "name": "jintingtingtesttest", "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-", "modified": "2022-08-07T00:05:43.824000", "created": "2022-07-08T09:38:23.273000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jtt12345", "id": "194112", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4268, "URL": 101, "FileHash-MD5": 13, "FileHash-SHA256": 1, "domain": 283 }, "indicator_count": 4666, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "1393 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62c7fb128e18ef22262d95d0", "name": "jintingtingtesttest", "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-", "modified": "2022-08-07T00:05:43.824000", "created": "2022-07-08T09:38:26.026000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jtt12345", "id": "194112", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4268, "URL": 101, "FileHash-MD5": 13, "FileHash-SHA256": 1, "domain": 283 }, "indicator_count": 4666, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "1393 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62b2594830278ae7b6d4172d", "name": "Twitter Feed - 500mk500 - 21-06-2022", "description": "", "modified": "2022-07-21T23:00:39.558000", "created": "2022-06-21T23:50:32.317000", "tags": [ "IcedID" ], "references": [ "https://twitter.com/500mk500/status/1539200153541812225", "https://twitter.com/500mk500/status/1539284135813980160", "https://twitter.com/500mk500/status/1539321502872510464", "https://twitter.com/500mk500/status/1539341973936537600" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "hostname": 1 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 1620, "modified_text": "1409 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://t.me/s/topnewsas", "", "https://t.me/s/templ36", "https://t.me/s/digitli", "https://twitter.com/500mk500/status/1539284135813980160", "63a23e0f836cbe86e53b447b.csv", "https://t.me/s/newtesta1", "https://t.me/s/chanelwer", "https://t.me/s/chabgei", "https://twitter.com/500mk500/status/1539341973936537600", "https://twitter.com/500mk500/status/1539200153541812225", "2656787.misp-json", "https://t.me/s/vzloms_9", "https://raw.githubusercontent.com/pan-unit42/iocs/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt", "https://t.me/s/lnk_44", "https://t.me/s/zalup2", "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt", "https://t.me/s/toporsa", "https://t.me/s/vzloms", "https://t.me/vbs_run14", "https://t.me/s/chanellsac", "https://twitter.com/500mk500/status/1539321502872510464", "https://unit42.paloaltonetworks.com/trident-ursa/#post-126209-_dyzu0g9z3zwx", "https://t.me/s/zapula2", "https://t.me/s/vozmoz2", "https://t.me/s/lnk153", "https://t.me/s/dracarc" ], "related": { "alienvault": { "adversary": [ "Trident Ursa" ], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Gamaredon", "Trident Ursa" ], "malware_families": [ "Shadow chaser" ], "industries": [ "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 12, "pulses": [ { "id": "63a23e0f836cbe86e53b447b", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "As the conflict has continued on the ground and in cyberspace, Trident Ursa has been operating as a dedicated access creator and intelligence gatherer. Trident Ursa remains one of the most pervasive, intrusive, continuously active and focused APTs targeting Ukraine.", "modified": "2023-01-19T22:04:44.402000", "created": "2022-12-20T22:58:23.105000", "tags": [ "ukraine", "russia", "trident ursa", "gamaredon", "dns flux", "phishing", "maldocs", "apt" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "Trident Ursa", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 502, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 84, "FileHash-SHA1": 86, "FileHash-SHA256": 229, "URL": 3, "domain": 555, "hostname": 7 }, "indicator_count": 964, "is_author": false, "is_subscribing": null, "subscriber_count": 386492, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66d90549c1c51747a7e34358", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine (by AlienVault) enriched", "description": "", "modified": "2024-09-05T01:11:35.635000", "created": "2024-09-05T01:11:35.635000", "tags": [], "references": [ "63a23e0f836cbe86e53b447b.csv", "https://unit42.paloaltonetworks.com/trident-ursa/" ], "public": 1, "adversary": "Trident Ursa", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 152, "FileHash-SHA1": 153, "FileHash-SHA256": 238, "URL": 2890, "domain": 557, "hostname": 1230 }, "indicator_count": 5220, "is_author": false, "is_subscribing": null, "subscriber_count": 185, "modified_text": "633 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a40a100ba18d2e54d9183d", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "RMPAC7/202 2/002 /1163 Data 21/12/2022 Gamaredon Group: continuano le operazioni cibernetiche dopo l\u2019invasione dell\u2019Ucraina", "modified": "2023-01-21T07:03:04.851000", "created": "2022-12-22T07:41:04.705000", "tags": [ "Gamaredon Group" ], "references": [ "2656787.misp-json", "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt", "https://t.me/s/chabgei", "https://t.me/s/chanellsac", "https://t.me/s/chanelwer", "https://t.me/s/digitli", "https://t.me/s/dracarc", "https://t.me/s/lnk_44", "https://t.me/s/lnk153", "https://t.me/s/newtesta1", "https://t.me/s/templ36", "https://t.me/s/topnewsas", "https://t.me/s/toporsa", "https://t.me/s/vozmoz2", "https://t.me/s/vzloms", "https://t.me/s/vzloms_9", "https://t.me/s/zalup2", "https://t.me/s/zapula2", "https://t.me/vbs_run14" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otx_support", "id": "26678", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 32, "domain": 553, "FileHash-SHA256": 221, "FileHash-MD5": 40, "FileHash-SHA1": 40 }, "indicator_count": 886, "is_author": false, "is_subscribing": null, "subscriber_count": 210, "modified_text": "1225 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63be858391c37e13461193a9", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "", "modified": "2023-01-21T07:03:04.851000", "created": "2023-01-11T09:46:43.811000", "tags": [ "Trident Ursa", "Gamaredon" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt", "" ], "public": 1, "adversary": "", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": "63a40a100ba18d2e54d9183d", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rlawlgh827", "id": "208771", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 32, "domain": 553, "FileHash-SHA256": 241, "FileHash-MD5": 40, "FileHash-SHA1": 40, "URL": 17 }, "indicator_count": 923, "is_author": false, "is_subscribing": null, "subscriber_count": 37, "modified_text": "1225 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a2cca0231f4704fb04c1c8", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "As the conflict has continued on the ground and in cyberspace, Trident Ursa has been operating as a dedicated access creator and intelligence gatherer. Trident Ursa remains one of the most pervasive, intrusive, continuously active and focused APTs targeting Ukraine.", "modified": "2023-01-20T09:00:00.250000", "created": "2022-12-21T09:06:40.834000", "tags": [ "domain", "ip address", "sample", "url https", "Gamaredon" ], "references": [ "https://raw.githubusercontent.com/pan-unit42/iocs/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 32, "URL": 17, "FileHash-MD5": 96, "FileHash-SHA1": 96, "FileHash-SHA256": 241, "domain": 564 }, "indicator_count": 1046, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a2aa8a89150b046cc1e835", "name": "Russia\u2019s Trident Ursa ( Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "", "modified": "2023-01-19T22:04:44.402000", "created": "2022-12-21T06:41:14.278000", "tags": [ "ukraine", "russia", "trident ursa", "gamaredon", "dns flux", "phishing", "maldocs", "apt" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "Trident Ursa", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" } ], "industries": [], "TLP": "white", "cloned_from": "63a23e0f836cbe86e53b447b", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 84, "FileHash-SHA1": 86, "FileHash-SHA256": 229, "URL": 3, "domain": 555, "hostname": 7 }, "indicator_count": 964, "is_author": false, "is_subscribing": null, "subscriber_count": 188, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a2d2a332d80ccb63f9ad94", "name": "Russia\u2019s Trident Ursa ( Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "", "modified": "2023-01-19T22:04:44.402000", "created": "2022-12-21T09:32:19.584000", "tags": [ "ukraine", "russia", "trident ursa", "gamaredon", "dns flux", "phishing", "maldocs", "apt" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "Trident Ursa", "targeted_countries": [ "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" } ], "industries": [], "TLP": "white", "cloned_from": "63a2aa8a89150b046cc1e835", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 84, "FileHash-SHA1": 86, "FileHash-SHA256": 229, "URL": 3, "domain": 555, "hostname": 7 }, "indicator_count": 964, "is_author": false, "is_subscribing": null, "subscriber_count": 279, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a1d1716eb178021b496cf5", "name": "Russia\u2019s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine", "description": "Unit 42, a Palo Alto Networks cybersecurity research team, provides an update on Russia's advanced persistent threat (APT) group, Trident Ursa, which invaded Ukraine in February 2014 and continues to operate in cyberspace.", "modified": "2023-01-19T15:03:30.493000", "created": "2022-12-20T15:14:57.164000", "tags": [ "threatactor/gamaredon", "threatactor/tridentursa", "threatactor.primitivebear", "threatactor/actinium" ], "references": [ "https://unit42.paloaltonetworks.com/trident-ursa/#post-126209-_dyzu0g9z3zwx", "https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt" ], "public": 1, "adversary": "Gamaredon", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "Shadow Chaser", "display_name": "Shadow Chaser", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1559", "name": "Inter-Process Communication", "display_name": "T1559 - Inter-Process Communication" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eric.ford", "id": "42510", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 101, "FileHash-SHA1": 102, "FileHash-SHA256": 255, "URL": 4, "domain": 578, "hostname": 7 }, "indicator_count": 1047, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62c7fb0f8ab654b1c8ebb621", "name": "jintingtingtesttest", "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-", "modified": "2022-08-07T00:05:43.824000", "created": "2022-07-08T09:38:23.587000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jtt12345", "id": "194112", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4268, "URL": 101, "FileHash-MD5": 13, "FileHash-SHA256": 1, "domain": 283 }, "indicator_count": 4666, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "1393 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62c7fb0ff1ead7d85fad5e43", "name": "jintingtingtesttest", "description": "A look back at some of the most eye-catching stories of recent weeks, as compiled by the BBC News website, with the help of a handful of key characters:..com.-", "modified": "2022-08-07T00:05:43.824000", "created": "2022-07-08T09:38:23.273000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jtt12345", "id": "194112", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4268, "URL": 101, "FileHash-MD5": 13, "FileHash-SHA256": 1, "domain": 283 }, "indicator_count": 4666, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "1393 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "parapas.ru", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "parapas.ru", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780205847.2983806 }