{ "type": "Domain", "indicator": "saebamini.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/saebamini.com", "alexa": "http://www.alexa.com/siteinfo/saebamini.com", "indicator": "saebamini.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3507935547, "indicator": "saebamini.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "62c65967bc5aa65b768441bc", "name": "Bitter APT continues to target Bangladesh | SECUINFRA Falcon Team", "description": "Here's a look at some of the best tweets from the past 12 months, as well as the top ones from Twitter and other social media sites, including Facebook, Twitter, Instagram and Instagram.", "modified": "2022-08-05T00:00:45.847000", "created": "2022-07-07T03:56:23.347000", "tags": [ "almond rat", "bitter", "equation editor", "command", "zxxz", "team", "c2 server", "tapt17", "downloader", "cve20180798", "rats", "twitter", "easy", "loader", "android", "february", "maldoc", "python", "next", "import", "dotnet", "malware", "javascript", "help center", "please", "service privacy", "policy cookie", "policy imprint", "ads info" ], "references": [ "https://twitter.com/h2jazi/status/1543957383193444352", "https://www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 11, "CVE": 5, "URL": 2, "YARA": 3, "domain": 7, "hostname": 1 }, "indicator_count": 51, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "1395 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh/", "https://twitter.com/h2jazi/status/1543957383193444352" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "62c65967bc5aa65b768441bc", "name": "Bitter APT continues to target Bangladesh | SECUINFRA Falcon Team", "description": "Here's a look at some of the best tweets from the past 12 months, as well as the top ones from Twitter and other social media sites, including Facebook, Twitter, Instagram and Instagram.", "modified": "2022-08-05T00:00:45.847000", "created": "2022-07-07T03:56:23.347000", "tags": [ "almond rat", "bitter", "equation editor", "command", "zxxz", "team", "c2 server", "tapt17", "downloader", "cve20180798", "rats", "twitter", "easy", "loader", "android", "february", "maldoc", "python", "next", "import", "dotnet", "malware", "javascript", "help center", "please", "service privacy", "policy cookie", "policy imprint", "ads info" ], "references": [ "https://twitter.com/h2jazi/status/1543957383193444352", "https://www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 11, "CVE": 5, "URL": 2, "YARA": 3, "domain": 7, "hostname": 1 }, "indicator_count": 51, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "1395 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "saebamini.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "saebamini.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780242259.7701054 }