{ "type": "Domain", "indicator": "peercon.org", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/peercon.org", "alexa": "http://www.alexa.com/siteinfo/peercon.org", "indicator": "peercon.org", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4041513298, "indicator": "peercon.org", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "672f6ed2b564f00b7c5cb13f", "name": "Threatfox Recent Additions", "description": "", "modified": "2025-06-13T19:00:02.811000", "created": "2024-11-09T14:16:50.032000", "tags": [], "references": [ "", "https://threatfox.abuse.ch/export/csv/recent/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 96, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ameermane", "id": "77501", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 47587, "URL": 18714, "FileHash-SHA256": 36311, "FileHash-MD5": 1630, "FileHash-SHA1": 418, "hostname": 18190 }, "indicator_count": 122850, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c58af18e57e8aa6e5eecb7", "name": "Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally", "description": "On February 24, 2025, NBC News reported: \"Unauthorized AI-generated footage suddenly played on televisions at the U.S. Department of Housing and Urban Development (HUD) headquarters in Washington, D.C. The video showed President Donald Trump bowing to kiss Elon Musk's toes, accompanied by the bold caption LONG LIVE THE REAL KING. Staff were unable to shut it down and had to unplug all TVs.\" The incident quickly sparked widespread public debate and caught the attention of the cybersecurity community, prompting a reevaluation of the significant risks posed by hacked devices like televisions and set-top boxes.", "modified": "2025-04-02T10:03:00.822000", "created": "2025-03-03T10:56:49.370000", "tags": [ "dga", "botnet", "android", "backdoor", "en", "vo1d", "vo1d botnet", "january", "february", "china", "below", "redirector c2", "bigpanzi", "dga algorithm", "codomain system", "downloader", "impact", "twitter", "fraud", "drop", "python", "dexloader", "test", "leave", "virustotal" ], "references": [ "https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/#ioc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 26, "FileHash-SHA1": 2, "FileHash-SHA256": 1, "URL": 15, "domain": 31, "hostname": 15 }, "indicator_count": 90, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "427 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c18be84642fbcfd094c2ce", "name": "Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally", "description": "A new variant of the Vo1d botnet is taking control of 1.6 million Android TV devices worldwide, according to a new report by cybersecurity researchers XLab and its artificial intelligence unit.", "modified": "2025-03-30T10:00:20.183000", "created": "2025-02-28T10:11:52.868000", "tags": [ "dga", "en", "android", "backdoor", "botnet", "vo1d", "vo1d botnet", "january", "february", "china", "below", "redirector c2", "dga algorithm", "codomain system", "xxtea key", "downloader", "impact", "twitter", "fraud", "drop", "python", "dexloader", "test", "leave", "virustotal", "bigpanzi", "mirai", "dex" ], "references": [ "https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/" ], "public": 1, "adversary": "", "targeted_countries": [ "India", "United States of America", "China" ], "malware_families": [ { "id": "Bigpanzi", "display_name": "Bigpanzi", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "DEX", "display_name": "DEX", "target": null }, { "id": "Vo1d", "display_name": "Vo1d", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 26, "FileHash-SHA1": 1, "URL": 15, "domain": 31, "hostname": 15 }, "indicator_count": 88, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "", "https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/#ioc", "https://threatfox.abuse.ch/export/csv/recent/", "https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Mirai", "Dex", "Bigpanzi", "Vo1d" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "672f6ed2b564f00b7c5cb13f", "name": "Threatfox Recent Additions", "description": "", "modified": "2025-06-13T19:00:02.811000", "created": "2024-11-09T14:16:50.032000", "tags": [], "references": [ "", "https://threatfox.abuse.ch/export/csv/recent/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 96, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ameermane", "id": "77501", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 47587, "URL": 18714, "FileHash-SHA256": 36311, "FileHash-MD5": 1630, "FileHash-SHA1": 418, "hostname": 18190 }, "indicator_count": 122850, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c58af18e57e8aa6e5eecb7", "name": "Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally", "description": "On February 24, 2025, NBC News reported: \"Unauthorized AI-generated footage suddenly played on televisions at the U.S. Department of Housing and Urban Development (HUD) headquarters in Washington, D.C. The video showed President Donald Trump bowing to kiss Elon Musk's toes, accompanied by the bold caption LONG LIVE THE REAL KING. Staff were unable to shut it down and had to unplug all TVs.\" The incident quickly sparked widespread public debate and caught the attention of the cybersecurity community, prompting a reevaluation of the significant risks posed by hacked devices like televisions and set-top boxes.", "modified": "2025-04-02T10:03:00.822000", "created": "2025-03-03T10:56:49.370000", "tags": [ "dga", "botnet", "android", "backdoor", "en", "vo1d", "vo1d botnet", "january", "february", "china", "below", "redirector c2", "bigpanzi", "dga algorithm", "codomain system", "downloader", "impact", "twitter", "fraud", "drop", "python", "dexloader", "test", "leave", "virustotal" ], "references": [ "https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/#ioc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 26, "FileHash-SHA1": 2, "FileHash-SHA256": 1, "URL": 15, "domain": 31, "hostname": 15 }, "indicator_count": 90, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "427 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c18be84642fbcfd094c2ce", "name": "Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally", "description": "A new variant of the Vo1d botnet is taking control of 1.6 million Android TV devices worldwide, according to a new report by cybersecurity researchers XLab and its artificial intelligence unit.", "modified": "2025-03-30T10:00:20.183000", "created": "2025-02-28T10:11:52.868000", "tags": [ "dga", "en", "android", "backdoor", "botnet", "vo1d", "vo1d botnet", "january", "february", "china", "below", "redirector c2", "dga algorithm", "codomain system", "xxtea key", "downloader", "impact", "twitter", "fraud", "drop", "python", "dexloader", "test", "leave", "virustotal", "bigpanzi", "mirai", "dex" ], "references": [ "https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/" ], "public": 1, "adversary": "", "targeted_countries": [ "India", "United States of America", "China" ], "malware_families": [ { "id": "Bigpanzi", "display_name": "Bigpanzi", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "DEX", "display_name": "DEX", "target": null }, { "id": "Vo1d", "display_name": "Vo1d", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 26, "FileHash-SHA1": 1, "URL": 15, "domain": 31, "hostname": 15 }, "indicator_count": 88, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "peercon.org", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "peercon.org", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780499644.3058097 }