{ "type": "Domain", "indicator": "print.ru", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/print.ru", "alexa": "http://www.alexa.com/siteinfo/print.ru", "indicator": "print.ru", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4184712206, "indicator": "print.ru", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "697a9015a6b6986b45485d39", "name": "EbeeJan2026 Pt5", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-02-27T22:03:31.816000", "created": "2026-01-28T22:39:17.725000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1" ], "references": [ "IOCs.csv" ], "public": 1, "adversary": "PhantomCore, Campaign Targeting Leveraging VS Code, Watering Hole Attack Targets EmEditor Users", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-MD5": 212, "FileHash-SHA1": 212, "FileHash-SHA256": 338, "URL": 16, "domain": 109, "email": 7, "hostname": 83 }, "indicator_count": 980, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "92 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "697321c7ab64523a58324123", "name": "Restless spirit: PhantomCore spies have carried out new attacks on Russian companies", "description": "PhantomCore, a cyber espionage group, has recently targeted multiple sectors within Russian companies, utilizing malicious email campaigns to execute their attacks. Analysts from the F6 Cybersecurity Center reported that these attacks were launched on January 19 and 21, 2026, with emails directed towards various industries, including housing and utilities, finance, urban infrastructure, municipal services, aerospace, B2C digital services, chemical production, construction, consumer goods, and e-commerce.\n\nThe F6 Business Email Protection (BEP) system played a crucial role in identifying and blocking these malicious communications before they reached their intended targets. The content of these emails likely aimed to facilitate unauthorized access to sensitive information or exploit specific vulnerabilities in the targeted organizations.", "modified": "2026-02-22T07:03:34.559000", "created": "2026-01-23T07:22:47.519000", "tags": [ "powershell", "phantomcore", "phantom", "core", "newtimespan d", "getdate", "sha1", "hubs" ], "references": [ "https://habr.com/ru/companies/F6/articles/987734/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 10, "FileHash-SHA256": 1, "URL": 1, "domain": 10, "hostname": 1 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "98 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://habr.com/ru/companies/F6/articles/987734/", "IOCs.csv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "PhantomCore, Campaign Targeting Leveraging VS Code, Watering Hole Attack Targets EmEditor Users" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "697a9015a6b6986b45485d39", "name": "EbeeJan2026 Pt5", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-02-27T22:03:31.816000", "created": "2026-01-28T22:39:17.725000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1" ], "references": [ "IOCs.csv" ], "public": 1, "adversary": "PhantomCore, Campaign Targeting Leveraging VS Code, Watering Hole Attack Targets EmEditor Users", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-MD5": 212, "FileHash-SHA1": 212, "FileHash-SHA256": 338, "URL": 16, "domain": 109, "email": 7, "hostname": 83 }, "indicator_count": 980, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "92 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "697321c7ab64523a58324123", "name": "Restless spirit: PhantomCore spies have carried out new attacks on Russian companies", "description": "PhantomCore, a cyber espionage group, has recently targeted multiple sectors within Russian companies, utilizing malicious email campaigns to execute their attacks. Analysts from the F6 Cybersecurity Center reported that these attacks were launched on January 19 and 21, 2026, with emails directed towards various industries, including housing and utilities, finance, urban infrastructure, municipal services, aerospace, B2C digital services, chemical production, construction, consumer goods, and e-commerce.\n\nThe F6 Business Email Protection (BEP) system played a crucial role in identifying and blocking these malicious communications before they reached their intended targets. The content of these emails likely aimed to facilitate unauthorized access to sensitive information or exploit specific vulnerabilities in the targeted organizations.", "modified": "2026-02-22T07:03:34.559000", "created": "2026-01-23T07:22:47.519000", "tags": [ "powershell", "phantomcore", "phantom", "core", "newtimespan d", "getdate", "sha1", "hubs" ], "references": [ "https://habr.com/ru/companies/F6/articles/987734/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 10, "FileHash-SHA256": 1, "URL": 1, "domain": 10, "hostname": 1 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "98 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "print.ru", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "print.ru", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780227386.6551356 }