{ "type": "Domain", "indicator": "satursed.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/satursed.com", "alexa": "http://www.alexa.com/siteinfo/satursed.com", "indicator": "satursed.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2847842106, "indicator": "satursed.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "6110f20e4c97acd477823083", "name": "Prometheus TDS", "description": "Group-IB, a Russian-based cybersecurity firm, has discovered that an underground service that distributes malicious files and redirect users to malicious sites is being used to carry out attacks using the same MaaS solution.", "modified": "2021-10-21T06:53:15.041000", "created": "2021-08-09T09:14:53.307000", "tags": [ "prometheus tds", "ficker", "prometheus", "bazaloader", "hancitor", "cobalt strike", "icedid", "buer loader", "campo loader", "qbot", "trickbot", "bokbot", "viagra", "Fake VPN" ], "references": [ "https://blog.group-ib.com/prometheus-tds" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Belgium" ], "malware_families": [ { "id": "Prometheus TDS", "display_name": "Prometheus TDS", "target": null }, { "id": "Ficker", "display_name": "Ficker", "target": null }, { "id": "Buer Loader", "display_name": "Buer Loader", "target": null }, { "id": "IcedID", "display_name": "IcedID", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Hancitor", "display_name": "Hancitor", "target": null }, { "id": "BazaLoader", "display_name": "BazaLoader", "target": null }, { "id": "Prometheus", "display_name": "Prometheus", "target": null }, { "id": "Campo Loader", "display_name": "Campo Loader", "target": null }, { "id": "Backdoor:Win32/Qbot", "display_name": "Backdoor:Win32/Qbot", "target": "/malware/Backdoor:Win32/Qbot" }, { "id": "SocGholish", "display_name": "SocGholish", "target": null } ], "attack_ids": [ { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1087.003", "name": "Email Account", "display_name": "T1087.003 - Email Account" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Government", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 279, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 68, "FileHash-SHA1": 69, "FileHash-SHA256": 70, "URL": 12, "domain": 48, "hostname": 11 }, "indicator_count": 278, "is_author": false, "is_subscribing": null, "subscriber_count": 386622, "modified_text": "1683 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657096d09b7c50c7e3eea12f", "name": "IOCs_2023.02.06_22.46", "description": "", "modified": "2023-12-06T15:44:16.274000", "created": "2023-12-06T15:44:16.274000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 957, "FileHash-MD5": 196, "FileHash-SHA1": 196, "domain": 159, "hostname": 222, "URL": 3 }, "indicator_count": 1733, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63e1755ffb32d12b0fc3ff42", "name": "IOCs_2023.02.06_22.46", "description": "Hashes are used to identify people using the same IP address as the address on a specific address, but they can now be traced to a different address in the UK and Ireland, as well as from the US.", "modified": "2023-03-08T21:16:31.886000", "created": "2023-02-06T21:47:11.561000", "tags": [ "emotet", "wannacry", "wannycry", "trickbot", "qbot", "cobalt strike", "flawedammyy", "systembc", "hashes", "domains", "wcry", "microsoft", "iocs ip", "emotet malware", "fake net", "cobaltstrike", "first", "eternalblue", "desktop", "trojan", "agent tesla", "malware", "fallout" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SystemBC", "display_name": "SystemBC", "target": null }, { "id": "FlawedAmmyy", "display_name": "FlawedAmmyy", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Qbot", "display_name": "Qbot", "target": null }, { "id": "Trickbot", "display_name": "Trickbot", "target": null }, { "id": "WannyCry", "display_name": "WannyCry", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Agent Tesla", "display_name": "Agent Tesla", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlessandroFiori", "id": "91912", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 196, "FileHash-SHA1": 196, "FileHash-SHA256": 957, "URL": 3, "domain": 159, "hostname": 222 }, "indicator_count": 1733, "is_author": false, "is_subscribing": null, "subscriber_count": 419, "modified_text": "1180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63e0ba96af987d29c17f2298", "name": "Threat Intel Report - W6-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-03-08T08:04:26.856000", "created": "2023-02-06T08:30:14.537000", "tags": [], "references": [ "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/", "https://www.senderscore.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 163, "hostname": 74, "FileHash-MD5": 26, "FileHash-SHA1": 25, "FileHash-SHA256": 44, "CVE": 7, "domain": 127 }, "indicator_count": 466, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63bbdd2fe81b242b8ffa091b", "name": "Threat Intel Report - W2-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-02-08T09:00:44.549000", "created": "2023-01-09T09:23:59.096000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 54, "URL": 82, "hostname": 65, "FileHash-MD5": 19, "FileHash-SHA1": 20, "FileHash-SHA256": 25, "CVE": 3 }, "indicator_count": 268, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1208 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a01d5249897d1ce5fcc4c1", "name": "Threat Intel Report - W52-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-18T08:00:04.374000", "created": "2022-12-19T08:14:10.713000", "tags": [ "united" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "domain": 106, "hostname": 53, "CVE": 2, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 12 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1229 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a01d55919d8c212243d1b3", "name": "Threat Intel Report - W52-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-18T08:00:04.374000", "created": "2022-12-19T08:14:13.536000", "tags": [ "united" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "domain": 106, "hostname": 53, "CVE": 2, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 12 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1229 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "638dcbd385c4c8b071d944fe", "name": "Threat Intel Report - W50-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly based recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-04T10:01:53.783000", "created": "2022-12-05T10:45:39.829000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 101, "CVE": 1, "FileHash-MD5": 10, "FileHash-SHA1": 10, "FileHash-SHA256": 13, "domain": 20, "hostname": 33 }, "indicator_count": 188, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1243 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.spamhaus.org/xbl/", "https://blog.group-ib.com/prometheus-tds", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.senderscore.org/", "https://www.dnsbl.info/" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Ficker", "Campo loader", "Buer loader", "Hancitor", "Bazaloader", "Prometheus", "Icedid", "Socgholish", "Backdoor:win32/qbot", "Cobalt strike", "Prometheus tds" ], "industries": [ "Education", "Government" ] }, "other": { "adversary": [], "malware_families": [ "Systembc", "Wannycry", "Qbot", "Cobalt strike", "Flawedammyy", "Wannacry", "Trickbot", "Agent tesla", "Emotet" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "6110f20e4c97acd477823083", "name": "Prometheus TDS", "description": "Group-IB, a Russian-based cybersecurity firm, has discovered that an underground service that distributes malicious files and redirect users to malicious sites is being used to carry out attacks using the same MaaS solution.", "modified": "2021-10-21T06:53:15.041000", "created": "2021-08-09T09:14:53.307000", "tags": [ "prometheus tds", "ficker", "prometheus", "bazaloader", "hancitor", "cobalt strike", "icedid", "buer loader", "campo loader", "qbot", "trickbot", "bokbot", "viagra", "Fake VPN" ], "references": [ "https://blog.group-ib.com/prometheus-tds" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Belgium" ], "malware_families": [ { "id": "Prometheus TDS", "display_name": "Prometheus TDS", "target": null }, { "id": "Ficker", "display_name": "Ficker", "target": null }, { "id": "Buer Loader", "display_name": "Buer Loader", "target": null }, { "id": "IcedID", "display_name": "IcedID", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Hancitor", "display_name": "Hancitor", "target": null }, { "id": "BazaLoader", "display_name": "BazaLoader", "target": null }, { "id": "Prometheus", "display_name": "Prometheus", "target": null }, { "id": "Campo Loader", "display_name": "Campo Loader", "target": null }, { "id": "Backdoor:Win32/Qbot", "display_name": "Backdoor:Win32/Qbot", "target": "/malware/Backdoor:Win32/Qbot" }, { "id": "SocGholish", "display_name": "SocGholish", "target": null } ], "attack_ids": [ { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1087.003", "name": "Email Account", "display_name": "T1087.003 - Email Account" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Government", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 279, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 68, "FileHash-SHA1": 69, "FileHash-SHA256": 70, "URL": 12, "domain": 48, "hostname": 11 }, "indicator_count": 278, "is_author": false, "is_subscribing": null, "subscriber_count": 386622, "modified_text": "1683 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657096d09b7c50c7e3eea12f", "name": "IOCs_2023.02.06_22.46", "description": "", "modified": "2023-12-06T15:44:16.274000", "created": "2023-12-06T15:44:16.274000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 957, "FileHash-MD5": 196, "FileHash-SHA1": 196, "domain": 159, "hostname": 222, "URL": 3 }, "indicator_count": 1733, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63e1755ffb32d12b0fc3ff42", "name": "IOCs_2023.02.06_22.46", "description": "Hashes are used to identify people using the same IP address as the address on a specific address, but they can now be traced to a different address in the UK and Ireland, as well as from the US.", "modified": "2023-03-08T21:16:31.886000", "created": "2023-02-06T21:47:11.561000", "tags": [ "emotet", "wannacry", "wannycry", "trickbot", "qbot", "cobalt strike", "flawedammyy", "systembc", "hashes", "domains", "wcry", "microsoft", "iocs ip", "emotet malware", "fake net", "cobaltstrike", "first", "eternalblue", "desktop", "trojan", "agent tesla", "malware", "fallout" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SystemBC", "display_name": "SystemBC", "target": null }, { "id": "FlawedAmmyy", "display_name": "FlawedAmmyy", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Qbot", "display_name": "Qbot", "target": null }, { "id": "Trickbot", "display_name": "Trickbot", "target": null }, { "id": "WannyCry", "display_name": "WannyCry", "target": null }, { "id": "WannaCry", "display_name": "WannaCry", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Agent Tesla", "display_name": "Agent Tesla", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlessandroFiori", "id": "91912", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 196, "FileHash-SHA1": 196, "FileHash-SHA256": 957, "URL": 3, "domain": 159, "hostname": 222 }, "indicator_count": 1733, "is_author": false, "is_subscribing": null, "subscriber_count": 419, "modified_text": "1180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63e0ba96af987d29c17f2298", "name": "Threat Intel Report - W6-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-03-08T08:04:26.856000", "created": "2023-02-06T08:30:14.537000", "tags": [], "references": [ "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/", "https://www.senderscore.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 163, "hostname": 74, "FileHash-MD5": 26, "FileHash-SHA1": 25, "FileHash-SHA256": 44, "CVE": 7, "domain": 127 }, "indicator_count": 466, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63bbdd2fe81b242b8ffa091b", "name": "Threat Intel Report - W2-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-02-08T09:00:44.549000", "created": "2023-01-09T09:23:59.096000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 54, "URL": 82, "hostname": 65, "FileHash-MD5": 19, "FileHash-SHA1": 20, "FileHash-SHA256": 25, "CVE": 3 }, "indicator_count": 268, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1208 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a01d5249897d1ce5fcc4c1", "name": "Threat Intel Report - W52-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-18T08:00:04.374000", "created": "2022-12-19T08:14:10.713000", "tags": [ "united" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "domain": 106, "hostname": 53, "CVE": 2, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 12 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1229 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a01d55919d8c212243d1b3", "name": "Threat Intel Report - W52-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-18T08:00:04.374000", "created": "2022-12-19T08:14:13.536000", "tags": [ "united" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 46, "domain": 106, "hostname": 53, "CVE": 2, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 12 }, "indicator_count": 233, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1229 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "638dcbd385c4c8b071d944fe", "name": "Threat Intel Report - W50-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly based recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-04T10:01:53.783000", "created": "2022-12-05T10:45:39.829000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 101, "CVE": 1, "FileHash-MD5": 10, "FileHash-SHA1": 10, "FileHash-SHA256": 13, "domain": 20, "hostname": 33 }, "indicator_count": 188, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1243 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "satursed.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "satursed.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780289433.1885676 }