{
  "type": "Domain",
  "indicator": "reply-tmobile.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/reply-tmobile.com",
    "alexa": "http://www.alexa.com/siteinfo/reply-tmobile.com",
    "indicator": "reply-tmobile.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 2204513838,
      "indicator": "reply-tmobile.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "64f6d5bc3226451dfc4ea8eb",
          "name": "Leveraging 16shop Phishing Kit for Vast Exploitation",
          "description": "Trend Vision One provides a comprehensive guide to the best ways to protect your business from cyber-attacks and other threats in the modern world, as well as the latest 5G network and cloud-native apps.",
          "modified": "2023-10-05T07:05:26.542000",
          "created": "2023-09-05T07:16:12.327000",
          "tags": [
            "phishing",
            "malware",
            "endpoints",
            "cyber crime",
            "articles",
            "news",
            "reports",
            "cyber threats",
            "learn",
            "apple",
            "trend micro",
            "indonesia",
            "interpol",
            "cash app",
            "japan",
            "cloud security",
            "alliance",
            "paypal",
            "hybrid",
            "stop",
            "leverage",
            "protect",
            "small",
            "attack",
            "august",
            "agenttesla",
            "service",
            "april",
            "phoenix",
            "cyber",
            "crime",
            "tech",
            "find",
            "email",
            "business email",
            "compromise",
            "research",
            "spam",
            "ave maria",
            "negasteal",
            "security",
            "response",
            "understand",
            "warzone",
            "autoit",
            "malspam",
            "agent tesla",
            "trojan",
            "powershell",
            "frenchy",
            "trojanspy"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/23/i/revisiting-16shop-phishing-kit-trend-interpol-partnership.html",
            "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/j/analyzing-email-services-abused-for-business-email-compromise/IOCs-analyzing-email-services-abused-for-BEC.txt",
            "https://www.trendmicro.com/en_us/research/19/j/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Germany",
            "Japan",
            "China",
            "France",
            "Spain",
            "Malaysia",
            "Thailand",
            "Netherlands"
          ],
          "malware_families": [
            {
              "id": "Frenchy",
              "display_name": "Frenchy",
              "target": null
            },
            {
              "id": "Agent Tesla",
              "display_name": "Agent Tesla",
              "target": null
            },
            {
              "id": "Negasteal",
              "display_name": "Negasteal",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Ave Maria",
              "display_name": "Ave Maria",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1199",
              "name": "Trusted Relationship",
              "display_name": "T1199 - Trusted Relationship"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            }
          ],
          "industries": [
            "Financial"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 22,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cryptocti",
            "id": "110256",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 28,
            "hostname": 1,
            "FileHash-SHA1": 2
          },
          "indicator_count": 31,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 499,
          "modified_text": "970 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "63e0ba96af987d29c17f2298",
          "name": "Threat Intel Report - W6-2023.pdf",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2023-03-08T08:04:26.856000",
          "created": "2023-02-06T08:30:14.537000",
          "tags": [],
          "references": [
            "https://www.dnsbl.info/",
            "https://www.spamhaus.org/xbl/",
            "https://www.senderscore.org/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 19,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 163,
            "hostname": 74,
            "FileHash-MD5": 26,
            "FileHash-SHA1": 25,
            "FileHash-SHA256": 44,
            "CVE": 7,
            "domain": 127
          },
          "indicator_count": 466,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "1181 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6372032fca2a16fe4ff0f171",
          "name": "Threat Intel Report - W47-2022.pdf",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2022-12-14T08:00:12.567000",
          "created": "2022-11-14T08:58:23.798000",
          "tags": [],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time",
            "https://www.dnsbl.info/",
            "https://www.spamhaus.org/xbl/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 79,
            "hostname": 59,
            "FileHash-MD5": 16,
            "FileHash-SHA1": 38,
            "FileHash-SHA256": 26,
            "CVE": 3,
            "URL": 135
          },
          "indicator_count": 356,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "1265 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.senderscore.org/",
        "https://www.dnsbl.info/",
        "https://www.trendmicro.com/en_us/research/23/i/revisiting-16shop-phishing-kit-trend-interpol-partnership.html",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time",
        "https://www.spamhaus.org/xbl/",
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/j/analyzing-email-services-abused-for-business-email-compromise/IOCs-analyzing-email-services-abused-for-BEC.txt",
        "https://www.trendmicro.com/en_us/research/19/j/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam.html"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Agent tesla",
            "Ave maria",
            "Trojanspy",
            "Frenchy",
            "Negasteal"
          ],
          "industries": [
            "Financial"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "64f6d5bc3226451dfc4ea8eb",
      "name": "Leveraging 16shop Phishing Kit for Vast Exploitation",
      "description": "Trend Vision One provides a comprehensive guide to the best ways to protect your business from cyber-attacks and other threats in the modern world, as well as the latest 5G network and cloud-native apps.",
      "modified": "2023-10-05T07:05:26.542000",
      "created": "2023-09-05T07:16:12.327000",
      "tags": [
        "phishing",
        "malware",
        "endpoints",
        "cyber crime",
        "articles",
        "news",
        "reports",
        "cyber threats",
        "learn",
        "apple",
        "trend micro",
        "indonesia",
        "interpol",
        "cash app",
        "japan",
        "cloud security",
        "alliance",
        "paypal",
        "hybrid",
        "stop",
        "leverage",
        "protect",
        "small",
        "attack",
        "august",
        "agenttesla",
        "service",
        "april",
        "phoenix",
        "cyber",
        "crime",
        "tech",
        "find",
        "email",
        "business email",
        "compromise",
        "research",
        "spam",
        "ave maria",
        "negasteal",
        "security",
        "response",
        "understand",
        "warzone",
        "autoit",
        "malspam",
        "agent tesla",
        "trojan",
        "powershell",
        "frenchy",
        "trojanspy"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/23/i/revisiting-16shop-phishing-kit-trend-interpol-partnership.html",
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/j/analyzing-email-services-abused-for-business-email-compromise/IOCs-analyzing-email-services-abused-for-BEC.txt",
        "https://www.trendmicro.com/en_us/research/19/j/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Germany",
        "Japan",
        "China",
        "France",
        "Spain",
        "Malaysia",
        "Thailand",
        "Netherlands"
      ],
      "malware_families": [
        {
          "id": "Frenchy",
          "display_name": "Frenchy",
          "target": null
        },
        {
          "id": "Agent Tesla",
          "display_name": "Agent Tesla",
          "target": null
        },
        {
          "id": "Negasteal",
          "display_name": "Negasteal",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Ave Maria",
          "display_name": "Ave Maria",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1199",
          "name": "Trusted Relationship",
          "display_name": "T1199 - Trusted Relationship"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1176",
          "name": "Browser Extensions",
          "display_name": "T1176 - Browser Extensions"
        }
      ],
      "industries": [
        "Financial"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 22,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "cryptocti",
        "id": "110256",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 28,
        "hostname": 1,
        "FileHash-SHA1": 2
      },
      "indicator_count": 31,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 499,
      "modified_text": "970 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "63e0ba96af987d29c17f2298",
      "name": "Threat Intel Report - W6-2023.pdf",
      "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
      "modified": "2023-03-08T08:04:26.856000",
      "created": "2023-02-06T08:30:14.537000",
      "tags": [],
      "references": [
        "https://www.dnsbl.info/",
        "https://www.spamhaus.org/xbl/",
        "https://www.senderscore.org/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 19,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 163,
        "hostname": 74,
        "FileHash-MD5": 26,
        "FileHash-SHA1": 25,
        "FileHash-SHA256": 44,
        "CVE": 7,
        "domain": 127
      },
      "indicator_count": 466,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 108,
      "modified_text": "1181 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6372032fca2a16fe4ff0f171",
      "name": "Threat Intel Report - W47-2022.pdf",
      "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
      "modified": "2022-12-14T08:00:12.567000",
      "created": "2022-11-14T08:58:23.798000",
      "tags": [],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time",
        "https://www.dnsbl.info/",
        "https://www.spamhaus.org/xbl/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 79,
        "hostname": 59,
        "FileHash-MD5": 16,
        "FileHash-SHA1": 38,
        "FileHash-SHA256": 26,
        "CVE": 3,
        "URL": 135
      },
      "indicator_count": 356,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "1265 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "reply-tmobile.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "reply-tmobile.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780338111.5694237
}