{ "type": "Domain", "indicator": "quickworld.shop", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/quickworld.shop", "alexa": "http://www.alexa.com/siteinfo/quickworld.shop", "indicator": "quickworld.shop", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3992656187, "indicator": "quickworld.shop", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "670eac5313b9bd50f43d7ab7", "name": "HijackLoader evolution: abusing genuine signing certificates", "description": "A report by HarfangLab EDR and MITRE ATT&CK on the threat posed by the Lumma Stealer malware, published on 11 October, 2024, outlines the tactics used to deploy the malware.", "modified": "2024-10-15T17:54:26.438000", "created": "2024-10-15T17:54:26.438000", "tags": [ "hijackloader", "samples", "harfanglab edr", "sha256", "lumma stealer", "dll sideloading", "infection chain", "fake captcha", "zip archive", "installer", "path", "hider", "loader", "gate", "powershell", "lumma" ], "references": [ "https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 104, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 38, "FileHash-SHA1": 43, "FileHash-SHA256": 67, "domain": 1, "hostname": 1 }, "indicator_count": 150, "is_author": false, "is_subscribing": null, "subscriber_count": 386594, "modified_text": "593 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aac6e4b628acffaed3f068", "name": "New Batch - Malcerts - 02.10.25 - unenriched", "description": "Here is the full text of the text that was found on the website of Mozilla, following an investigation by the security firm Virustotal and the UK's Office of National Statistics (ONS).. [autofilled].\n\nMore Malcerts from Sample Device deployed at several sites in YEG - Canada. Related to pulse - Thor Scan Lite Linux\nNot enriched on import, but did include links to VT entries as IOCs (those will be false positives - but easy access). \nFolder name: Mozilla Located @ /usr/share/ca-certificates", "modified": "2025-03-16T17:01:06.968000", "created": "2025-02-11T03:41:24.585000", "tags": [ "UAlberta", "Malcerts", "Certificates", "Eduroam", "Alberta" ], "references": [ "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/iocs", "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/summary", "https://hybrid-analysis.com/file-collection/67aa8951a3fc5708a905306a", "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/community", "https://tria.ge/250210-3c3c3askfz", "https://tria.ge/250210-3nh4kasmes", "https://tria.ge/250210-3y8f7sspdy", "https://tria.ge/250211-dhpxgswlax", "https://tria.ge/250211-dt1hcswme1", "https://tria.ge/250211-dx9v7swnbw", "Zipped IOC: c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "https://www.virustotal.com/graph/embed/g4d7797bcffdd450281d4012ac3a0a5ee3fafe8b4f5964c18b4e0332306cb367b?theme=dark", "https://tip.neiki.dev/file/c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "Cert[.]pl MLDB: 1da23fc67a5f101321e39d04e76dcaa7" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Finance", "Agriculture", "Hospitality", "Media", "Retail" ], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 831, "FileHash-SHA1": 801, "FileHash-SHA256": 3227, "URL": 395, "domain": 189, "hostname": 798 }, "indicator_count": 6241, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "441 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670fc62147ad69bc4bd5033c", "name": "Hijack Loader Malware Uses Stolen-Code Signing Certificates", "description": "", "modified": "2024-10-16T13:56:49.544000", "created": "2024-10-16T13:56:49.544000", "tags": [ "classification", "confidential", "cyber threat", "october", "time", "crypto cyber", "defence", "domains" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 67, "FileHash-SHA1": 67, "FileHash-SHA256": 70, "domain": 1, "hostname": 1 }, "indicator_count": 206, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "592 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670e2c73c5cd8a793b2b02bf", "name": "HijackLoader evolution: abusing genuine signing certificates", "description": "A report by HarfangLab EDR and MITRE ATT&CK on the threat posed by the Lumma Stealer malware, published on 11 October, 2024, outlines the tactics used to deploy the malware.", "modified": "2024-10-15T08:48:51.289000", "created": "2024-10-15T08:48:51.289000", "tags": [ "hijackloader", "october", "samples", "harfanglab edr", "sha256", "lumma stealer", "dll sideloading", "infection chain", "fake captcha", "zip archive", "installer", "path", "hider", "loader", "gate", "powershell", "lumma", "samecoin" ], "references": [ "https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "SameCoin", "display_name": "SameCoin", "target": null } ], "attack_ids": [ { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 38, "FileHash-SHA1": 43, "FileHash-SHA256": 70, "URL": 1, "domain": 2, "hostname": 1 }, "indicator_count": 155, "is_author": false, "is_subscribing": null, "subscriber_count": 865, "modified_text": "593 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://tria.ge/250211-dx9v7swnbw", "https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/", "https://tria.ge/250210-3y8f7sspdy", "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/summary", "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/iocs", "Zipped IOC: c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "https://tria.ge/250211-dhpxgswlax", "c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "https://tria.ge/250211-dt1hcswme1", "https://hybrid-analysis.com/file-collection/67aa8951a3fc5708a905306a", "Cert[.]pl MLDB: 1da23fc67a5f101321e39d04e76dcaa7", "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/community", "https://tria.ge/250210-3nh4kasmes", "https://tria.ge/250210-3c3c3askfz", "https://tip.neiki.dev/file/c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "https://www.virustotal.com/graph/embed/g4d7797bcffdd450281d4012ac3a0a5ee3fafe8b4f5964c18b4e0332306cb367b?theme=dark" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Lumma" ], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Lumma", "Samecoin" ], "industries": [ "Retail", "Agriculture", "Telecommunications", "Media", "Hospitality", "Finance", "Healthcare", "Education", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "670eac5313b9bd50f43d7ab7", "name": "HijackLoader evolution: abusing genuine signing certificates", "description": "A report by HarfangLab EDR and MITRE ATT&CK on the threat posed by the Lumma Stealer malware, published on 11 October, 2024, outlines the tactics used to deploy the malware.", "modified": "2024-10-15T17:54:26.438000", "created": "2024-10-15T17:54:26.438000", "tags": [ "hijackloader", "samples", "harfanglab edr", "sha256", "lumma stealer", "dll sideloading", "infection chain", "fake captcha", "zip archive", "installer", "path", "hider", "loader", "gate", "powershell", "lumma" ], "references": [ "https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 104, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 38, "FileHash-SHA1": 43, "FileHash-SHA256": 67, "domain": 1, "hostname": 1 }, "indicator_count": 150, "is_author": false, "is_subscribing": null, "subscriber_count": 386594, "modified_text": "593 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67aac6e4b628acffaed3f068", "name": "New Batch - Malcerts - 02.10.25 - unenriched", "description": "Here is the full text of the text that was found on the website of Mozilla, following an investigation by the security firm Virustotal and the UK's Office of National Statistics (ONS).. [autofilled].\n\nMore Malcerts from Sample Device deployed at several sites in YEG - Canada. Related to pulse - Thor Scan Lite Linux\nNot enriched on import, but did include links to VT entries as IOCs (those will be false positives - but easy access). \nFolder name: Mozilla Located @ /usr/share/ca-certificates", "modified": "2025-03-16T17:01:06.968000", "created": "2025-02-11T03:41:24.585000", "tags": [ "UAlberta", "Malcerts", "Certificates", "Eduroam", "Alberta" ], "references": [ "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/iocs", "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/summary", "https://hybrid-analysis.com/file-collection/67aa8951a3fc5708a905306a", "https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/community", "https://tria.ge/250210-3c3c3askfz", "https://tria.ge/250210-3nh4kasmes", "https://tria.ge/250210-3y8f7sspdy", "https://tria.ge/250211-dhpxgswlax", "https://tria.ge/250211-dt1hcswme1", "https://tria.ge/250211-dx9v7swnbw", "Zipped IOC: c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "https://www.virustotal.com/graph/embed/g4d7797bcffdd450281d4012ac3a0a5ee3fafe8b4f5964c18b4e0332306cb367b?theme=dark", "https://tip.neiki.dev/file/c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a", "Cert[.]pl MLDB: 1da23fc67a5f101321e39d04e76dcaa7" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government", "Healthcare", "Telecommunications", "Finance", "Agriculture", "Hospitality", "Media", "Retail" ], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 831, "FileHash-SHA1": 801, "FileHash-SHA256": 3227, "URL": 395, "domain": 189, "hostname": 798 }, "indicator_count": 6241, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "441 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "553 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670fc62147ad69bc4bd5033c", "name": "Hijack Loader Malware Uses Stolen-Code Signing Certificates", "description": "", "modified": "2024-10-16T13:56:49.544000", "created": "2024-10-16T13:56:49.544000", "tags": [ "classification", "confidential", "cyber threat", "october", "time", "crypto cyber", "defence", "domains" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 67, "FileHash-SHA1": 67, "FileHash-SHA256": 70, "domain": 1, "hostname": 1 }, "indicator_count": 206, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "592 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670e2c73c5cd8a793b2b02bf", "name": "HijackLoader evolution: abusing genuine signing certificates", "description": "A report by HarfangLab EDR and MITRE ATT&CK on the threat posed by the Lumma Stealer malware, published on 11 October, 2024, outlines the tactics used to deploy the malware.", "modified": "2024-10-15T08:48:51.289000", "created": "2024-10-15T08:48:51.289000", "tags": [ "hijackloader", "october", "samples", "harfanglab edr", "sha256", "lumma stealer", "dll sideloading", "infection chain", "fake captcha", "zip archive", "installer", "path", "hider", "loader", "gate", "powershell", "lumma", "samecoin" ], "references": [ "https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "SameCoin", "display_name": "SameCoin", "target": null } ], "attack_ids": [ { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 38, "FileHash-SHA1": 43, "FileHash-SHA256": 70, "URL": 1, "domain": 2, "hostname": 1 }, "indicator_count": 155, "is_author": false, "is_subscribing": null, "subscriber_count": 865, "modified_text": "593 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "quickworld.shop", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "quickworld.shop", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780274131.120624 }