{ "type": "Domain", "indicator": "screenshotcap.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/screenshotcap.com", "alexa": "http://www.alexa.com/siteinfo/screenshotcap.com", "indicator": "screenshotcap.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3473299219, "indicator": "screenshotcap.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "63dbf15bff5fab800ea7f371", "name": "Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering", "description": "Security Joes has identified a new threat actor targeting the gambling and gaming industry, and is trying to track its maker online, in order to block the campaign before the ICE London conference in 2023.", "modified": "2023-03-04T16:07:05.954000", "created": "2023-02-02T17:22:34.286000", "tags": [ "icebreaker", "remote access", "lnk", "vbs", "msi", "pe file", "javascript", "phishing", "screen capture" ], "references": [ "https://www.securityjoes.com/post/operation-ice-breaker-targets-the-gam-bl-ing-industry-right-before-it-s-biggest-gathering" ], "public": 1, "adversary": "Ice Breaker", "targeted_countries": [], "malware_families": [ { "id": "Houdini RAT", "display_name": "Houdini RAT", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1572", "name": "Protocol Tunneling", "display_name": "T1572 - Protocol Tunneling" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 367, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 17, "domain": 7 }, "indicator_count": 32, "is_author": false, "is_subscribing": null, "subscriber_count": 386552, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6587425b2e78aff28100d382", "name": "Caught hijacking", "description": "Here is a full list of names and phrases associated with the internet, as compiled by the BBC News website and BBC Radio 5 live sports extra on Tuesday, 1 July 2016:. and here is the complete list", "modified": "2023-12-23T20:26:03.110000", "created": "2023-12-23T20:26:03.110000", "tags": [ "domain", "type" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Machidian45", "id": "262704", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 20 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 32, "modified_text": "889 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65539ae80b7b6e0d9c669216", "name": "Test Pulse", "description": "", "modified": "2023-12-16T16:02:10.435000", "created": "2023-11-14T16:06:00.013000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "gzerphPer", "id": "197016", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 3, "URL": 189, "FileHash-MD5": 442, "FileHash-SHA1": 395, "FileHash-SHA256": 659, "email": 1, "hostname": 298, "domain": 515, "FilePath": 12 }, "indicator_count": 2514, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "897 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63dbb95397e67870ce839f7c", "name": "Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering", "description": "Security Joes has identified a new threat actor targeting the gambling and gaming industry, and is trying to track its maker online, in order to block the campaign before the ICE London conference in 2023.", "modified": "2023-03-04T13:00:43.098000", "created": "2023-02-02T13:23:31.538000", "tags": [ "icebreaker", "houdini", "remote access", "ceo", "gracias", "lnk", "vbs", "msi", "visitor", "lnk file", "ice breaker", "msi package", "pe file", "ice london", "eladio", "javascript", "ttps", "iocs", "february", "assistant", "hello", "info", "trojan", "first", "bypass" ], "references": [ "https://www.securityjoes.com/post/operation-ice-breaker-targets-the-gam-bl-ing-industry-right-before-it-s-biggest-gathering" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MSI", "display_name": "MSI", "target": null }, { "id": "VBS", "display_name": "VBS", "target": null }, { "id": "LNK", "display_name": "LNK", "target": null }, { "id": "Gracias", "display_name": "Gracias", "target": null }, { "id": "CEO", "display_name": "CEO", "target": null }, { "id": "Remote Access", "display_name": "Remote Access", "target": null }, { "id": "Houdini", "display_name": "Houdini", "target": null }, { "id": "IceBreaker", "display_name": "IceBreaker", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1572", "name": "Protocol Tunneling", "display_name": "T1572 - Protocol Tunneling" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 19, "domain": 7 }, "indicator_count": 34, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63db11ed3337ca38f05f8c80", "name": "Gaming and Gambling Industries are Targeted by \u201cIce Breaker\u201d Cyberattacks", "description": "", "modified": "2023-03-04T01:01:45.020000", "created": "2023-02-02T01:29:16.967000", "tags": [], "references": [ "February 02nd, 2023 - CryptoGen Cyber Threat Intelligence - Gaming and Gambling Industries are Targeted by \u201cIce Breaker\u201d Cyberattacks.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 19, "URL": 1, "domain": 5, "hostname": 1 }, "indicator_count": 34, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63dab3879fb30594d0821a72", "name": "Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering", "description": "Security Joes has identified a new threat actor targeting the gambling and gaming industry, and is trying to track its maker online, in order to block the operation and prevent its impact on its clients.", "modified": "2023-03-03T18:05:49.426000", "created": "2023-02-01T18:46:31.931000", "tags": [ "icebreaker", "houdini", "remote access", "ceo", "gracias", "lnk", "vbs", "msi", "visitor", "lnk file", "ice breaker", "msi package", "pe file", "ice london", "eladio", "javascript", "ttps", "iocs", "february", "assistant", "cuba ransomware", "hello", "info", "trojan", "first", "bypass" ], "references": [ "https://www.securityjoes.com/post/operation-ice-breaker-targets-the-gam-bl-ing-industry-right-before-it-s-biggest-gathering" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MSI", "display_name": "MSI", "target": null }, { "id": "VBS", "display_name": "VBS", "target": null }, { "id": "LNK", "display_name": "LNK", "target": null }, { "id": "Gracias", "display_name": "Gracias", "target": null }, { "id": "CEO", "display_name": "CEO", "target": null }, { "id": "Remote Access", "display_name": "Remote Access", "target": null }, { "id": "Houdini", "display_name": "Houdini", "target": null }, { "id": "IceBreaker", "display_name": "IceBreaker", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1572", "name": "Protocol Tunneling", "display_name": "T1572 - Protocol Tunneling" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 19, "domain": 7 }, "indicator_count": 34, "is_author": false, "is_subscribing": null, "subscriber_count": 164, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62a979f3ef7333e159e0559e", "name": "NewDom-2-20220615", "description": "ICANN-Dom", "modified": "2022-07-30T00:03:46.462000", "created": "2022-06-15T06:19:31.570000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 201, "modified_text": "1401 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "references": [ "https://www.securityjoes.com/post/operation-ice-breaker-targets-the-gam-bl-ing-industry-right-before-it-s-biggest-gathering", "February 02nd, 2023 - CryptoGen Cyber Threat Intelligence - Gaming and Gambling Industries are Targeted by \u201cIce Breaker\u201d Cyberattacks.pdf" ], "related": { "alienvault": { "adversary": [ "Ice Breaker" ], "malware_families": [ "Houdini rat" ], "industries": [ "Gaming" ] }, "other": { "adversary": [], "malware_families": [ "Gracias", "Ceo", "Remote access", "Lnk", "Msi", "Houdini", "Icebreaker", "Vbs" ], "industries": [ "Gaming" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "63dbf15bff5fab800ea7f371", "name": "Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering", "description": "Security Joes has identified a new threat actor targeting the gambling and gaming industry, and is trying to track its maker online, in order to block the campaign before the ICE London conference in 2023.", "modified": "2023-03-04T16:07:05.954000", "created": "2023-02-02T17:22:34.286000", "tags": [ "icebreaker", "remote access", "lnk", "vbs", "msi", "pe file", "javascript", "phishing", "screen capture" ], "references": [ "https://www.securityjoes.com/post/operation-ice-breaker-targets-the-gam-bl-ing-industry-right-before-it-s-biggest-gathering" ], "public": 1, "adversary": "Ice Breaker", "targeted_countries": [], "malware_families": [ { "id": "Houdini RAT", "display_name": "Houdini RAT", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1572", "name": "Protocol Tunneling", "display_name": "T1572 - Protocol Tunneling" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 367, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 17, "domain": 7 }, "indicator_count": 32, "is_author": false, "is_subscribing": null, "subscriber_count": 386552, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6587425b2e78aff28100d382", "name": "Caught hijacking", "description": "Here is a full list of names and phrases associated with the internet, as compiled by the BBC News website and BBC Radio 5 live sports extra on Tuesday, 1 July 2016:. and here is the complete list", "modified": "2023-12-23T20:26:03.110000", "created": "2023-12-23T20:26:03.110000", "tags": [ "domain", "type" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Machidian45", "id": "262704", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 20 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 32, "modified_text": "889 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65539ae80b7b6e0d9c669216", "name": "Test Pulse", "description": "", "modified": "2023-12-16T16:02:10.435000", "created": "2023-11-14T16:06:00.013000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "gzerphPer", "id": "197016", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 3, "URL": 189, "FileHash-MD5": 442, "FileHash-SHA1": 395, "FileHash-SHA256": 659, "email": 1, "hostname": 298, "domain": 515, "FilePath": 12 }, "indicator_count": 2514, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "897 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63dbb95397e67870ce839f7c", "name": "Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering", "description": "Security Joes has identified a new threat actor targeting the gambling and gaming industry, and is trying to track its maker online, in order to block the campaign before the ICE London conference in 2023.", "modified": "2023-03-04T13:00:43.098000", "created": "2023-02-02T13:23:31.538000", "tags": [ "icebreaker", "houdini", "remote access", "ceo", "gracias", "lnk", "vbs", "msi", "visitor", "lnk file", "ice breaker", "msi package", "pe file", "ice london", "eladio", "javascript", "ttps", "iocs", "february", "assistant", "hello", "info", "trojan", "first", "bypass" ], "references": [ "https://www.securityjoes.com/post/operation-ice-breaker-targets-the-gam-bl-ing-industry-right-before-it-s-biggest-gathering" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MSI", "display_name": "MSI", "target": null }, { "id": "VBS", "display_name": "VBS", "target": null }, { "id": "LNK", "display_name": "LNK", "target": null }, { "id": "Gracias", "display_name": "Gracias", "target": null }, { "id": "CEO", "display_name": "CEO", "target": null }, { "id": "Remote Access", "display_name": "Remote Access", "target": null }, { "id": "Houdini", "display_name": "Houdini", "target": null }, { "id": "IceBreaker", "display_name": "IceBreaker", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1572", "name": "Protocol Tunneling", "display_name": "T1572 - Protocol Tunneling" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 19, "domain": 7 }, "indicator_count": 34, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63db11ed3337ca38f05f8c80", "name": "Gaming and Gambling Industries are Targeted by \u201cIce Breaker\u201d Cyberattacks", "description": "", "modified": "2023-03-04T01:01:45.020000", "created": "2023-02-02T01:29:16.967000", "tags": [], "references": [ "February 02nd, 2023 - CryptoGen Cyber Threat Intelligence - Gaming and Gambling Industries are Targeted by \u201cIce Breaker\u201d Cyberattacks.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 19, "URL": 1, "domain": 5, "hostname": 1 }, "indicator_count": 34, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63dab3879fb30594d0821a72", "name": "Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering", "description": "Security Joes has identified a new threat actor targeting the gambling and gaming industry, and is trying to track its maker online, in order to block the operation and prevent its impact on its clients.", "modified": "2023-03-03T18:05:49.426000", "created": "2023-02-01T18:46:31.931000", "tags": [ "icebreaker", "houdini", "remote access", "ceo", "gracias", "lnk", "vbs", "msi", "visitor", "lnk file", "ice breaker", "msi package", "pe file", "ice london", "eladio", "javascript", "ttps", "iocs", "february", "assistant", "cuba ransomware", "hello", "info", "trojan", "first", "bypass" ], "references": [ "https://www.securityjoes.com/post/operation-ice-breaker-targets-the-gam-bl-ing-industry-right-before-it-s-biggest-gathering" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MSI", "display_name": "MSI", "target": null }, { "id": "VBS", "display_name": "VBS", "target": null }, { "id": "LNK", "display_name": "LNK", "target": null }, { "id": "Gracias", "display_name": "Gracias", "target": null }, { "id": "CEO", "display_name": "CEO", "target": null }, { "id": "Remote Access", "display_name": "Remote Access", "target": null }, { "id": "Houdini", "display_name": "Houdini", "target": null }, { "id": "IceBreaker", "display_name": "IceBreaker", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1572", "name": "Protocol Tunneling", "display_name": "T1572 - Protocol Tunneling" } ], "industries": [ "Gaming" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 19, "domain": 7 }, "indicator_count": 34, "is_author": false, "is_subscribing": null, "subscriber_count": 164, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62a979f3ef7333e159e0559e", "name": "NewDom-2-20220615", "description": "ICANN-Dom", "modified": "2022-07-30T00:03:46.462000", "created": "2022-06-15T06:19:31.570000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 201, "modified_text": "1401 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "screenshotcap.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "screenshotcap.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780246802.288917 }