{ "type": "Domain", "indicator": "securevpn.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/securevpn.com", "alexa": "http://www.alexa.com/siteinfo/securevpn.com", "indicator": "securevpn.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3465376797, "indicator": "securevpn.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "637f72521f0b41ad3bf79630", "name": "Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity", "description": "ESET researchers have identified an active campaign targeting Android users with fake VPN apps, conducted by the Bahamut cybermercenary group, which is believed to be operating in the Middle East and South Asia.", "modified": "2022-12-01T02:58:16.389000", "created": "2022-11-24T13:32:02.698000", "tags": [], "references": [ "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "sunqiang", "id": "57272", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_57272/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 10, "FileHash-SHA256": 2, "domain": 3 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 35, "modified_text": "1278 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6380ab76ce2b465a1d0c2f0c", "name": "Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity", "description": "ESET researchers have identified an active campaign by the Bahamut cybermercenary group, which targets Android users with fake VPN apps, and can extract sensitive data from their victims\u2019 messaging apps.", "modified": "2022-11-25T11:48:06.684000", "created": "2022-11-25T11:48:06.684000", "tags": [ "bahamut", "discovery bahamut", "securechat", "securevpn", "scripts bahamut", "keylogging bahamut", "tracking bahamut", "capture bahamut", "data bahamut", "list bahamut", "messages bahamut", "protocols bahamut", "channel bahamut", "bahamut spyware", "figure", "c server", "openvpn", "fake securevpn", "google play", "softvpn", "securevpn app", "viber", "android", "borges", "hunter", "twitter", "chat", "lazarus" ], "references": [ "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "public": 1, "adversary": "Bahamut", "targeted_countries": [], "malware_families": [ { "id": "Channel Bahamut", "display_name": "Channel Bahamut", "target": null }, { "id": "Protocols Bahamut", "display_name": "Protocols Bahamut", "target": null }, { "id": "Messages Bahamut", "display_name": "Messages Bahamut", "target": null }, { "id": "List Bahamut", "display_name": "List Bahamut", "target": null }, { "id": "Data Bahamut", "display_name": "Data Bahamut", "target": null }, { "id": "Capture Bahamut", "display_name": "Capture Bahamut", "target": null }, { "id": "Tracking Bahamut", "display_name": "Tracking Bahamut", "target": null }, { "id": "Keylogging Bahamut", "display_name": "Keylogging Bahamut", "target": null }, { "id": "Scripts Bahamut", "display_name": "Scripts Bahamut", "target": null }, { "id": "SecureVPN", "display_name": "SecureVPN", "target": null }, { "id": "SecureChat", "display_name": "SecureChat", "target": null }, { "id": "Discovery Bahamut", "display_name": "Discovery Bahamut", "target": null }, { "id": "Bahamut", "display_name": "Bahamut", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 10, "FileHash-SHA256": 2, "domain": 3 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1284 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63805d4ba27036d1cef7e359", "name": "Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity", "description": "", "modified": "2022-11-25T06:14:35.655000", "created": "2022-11-25T06:14:35.655000", "tags": [], "references": [ "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": "638049029d7ee65958dbe1f2", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 10, "FileHash-SHA256": 2, "domain": 3 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "1284 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "638049029d7ee65958dbe1f2", "name": "Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity", "description": "", "modified": "2022-11-25T04:48:02.905000", "created": "2022-11-25T04:48:02.905000", "tags": [], "references": [ "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": "637f72521f0b41ad3bf79630", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 10, "FileHash-SHA256": 2, "domain": 3 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1284 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62985f3690ace88f8dca0c6d", "name": "SideWinder AntiBot Script | Group-IB", "description": "Researchers from Group-IB Threat Intelligence have discovered a new malicious infrastructure and a custom tool of the Indian nation-state cyber-attack group SideWinder, which has been targeting Pakistani targets since 2012.", "modified": "2022-07-02T00:05:39.094000", "created": "2022-06-02T06:56:54.767000", "tags": [ "sidewinder", "strong", "mimicry", "pakistan", "groupib", "screenshot", "groupib threat", "pakistani", "image", "intelligence", "team", "kill", "powershell", "canvas", "date" ], "references": [ "https://blog.group-ib.com/sidewinder-antibot" ], "public": 1, "adversary": "SideWinder", "targeted_countries": [ "China", "Singapore", "Bangladesh", "Philippines", "Myanmar", "Bhutan", "Sri Lanka", "Nepal", "Afghanistan", "Pakistan" ], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Military", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluewatcher", "id": "174522", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 490, "FileHash-MD5": 1, "FileHash-SHA1": 5, "FileHash-SHA256": 1, "domain": 8, "email": 1, "hostname": 103 }, "indicator_count": 609, "is_author": false, "is_subscribing": null, "subscriber_count": 112, "modified_text": "1430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6298582a5bd9e47d7996370f", "name": "SideWinder hackers plant fake Android VPN app in Google Play Store", "description": "", "modified": "2022-06-02T06:26:50.674000", "created": "2022-06-02T06:26:50.674000", "tags": [ "sidewinder", "groupib", "google play", "vpn app", "pakistan", "secure vpn", "data", "afghanistan", "sidewinder apt", "battery status", "twitter", "facebook", "android" ], "references": [ "https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "hostname": 8 }, "indicator_count": 9, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1460 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://blog.group-ib.com/sidewinder-antibot", "https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/", "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Bahamut", "SideWinder" ], "malware_families": [ "Data bahamut", "Securechat", "Scripts bahamut", "Discovery bahamut", "Securevpn", "Tracking bahamut", "Protocols bahamut", "Keylogging bahamut", "Bahamut", "Messages bahamut", "Channel bahamut", "List bahamut", "Capture bahamut" ], "industries": [ "Government", "Military" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "637f72521f0b41ad3bf79630", "name": "Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity", "description": "ESET researchers have identified an active campaign targeting Android users with fake VPN apps, conducted by the Bahamut cybermercenary group, which is believed to be operating in the Middle East and South Asia.", "modified": "2022-12-01T02:58:16.389000", "created": "2022-11-24T13:32:02.698000", "tags": [], "references": [ "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "sunqiang", "id": "57272", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_57272/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 10, "FileHash-SHA256": 2, "domain": 3 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 35, "modified_text": "1278 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6380ab76ce2b465a1d0c2f0c", "name": "Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity", "description": "ESET researchers have identified an active campaign by the Bahamut cybermercenary group, which targets Android users with fake VPN apps, and can extract sensitive data from their victims\u2019 messaging apps.", "modified": "2022-11-25T11:48:06.684000", "created": "2022-11-25T11:48:06.684000", "tags": [ "bahamut", "discovery bahamut", "securechat", "securevpn", "scripts bahamut", "keylogging bahamut", "tracking bahamut", "capture bahamut", "data bahamut", "list bahamut", "messages bahamut", "protocols bahamut", "channel bahamut", "bahamut spyware", "figure", "c server", "openvpn", "fake securevpn", "google play", "softvpn", "securevpn app", "viber", "android", "borges", "hunter", "twitter", "chat", "lazarus" ], "references": [ "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "public": 1, "adversary": "Bahamut", "targeted_countries": [], "malware_families": [ { "id": "Channel Bahamut", "display_name": "Channel Bahamut", "target": null }, { "id": "Protocols Bahamut", "display_name": "Protocols Bahamut", "target": null }, { "id": "Messages Bahamut", "display_name": "Messages Bahamut", "target": null }, { "id": "List Bahamut", "display_name": "List Bahamut", "target": null }, { "id": "Data Bahamut", "display_name": "Data Bahamut", "target": null }, { "id": "Capture Bahamut", "display_name": "Capture Bahamut", "target": null }, { "id": "Tracking Bahamut", "display_name": "Tracking Bahamut", "target": null }, { "id": "Keylogging Bahamut", "display_name": "Keylogging Bahamut", "target": null }, { "id": "Scripts Bahamut", "display_name": "Scripts Bahamut", "target": null }, { "id": "SecureVPN", "display_name": "SecureVPN", "target": null }, { "id": "SecureChat", "display_name": "SecureChat", "target": null }, { "id": "Discovery Bahamut", "display_name": "Discovery Bahamut", "target": null }, { "id": "Bahamut", "display_name": "Bahamut", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 10, "FileHash-SHA256": 2, "domain": 3 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "1284 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63805d4ba27036d1cef7e359", "name": "Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity", "description": "", "modified": "2022-11-25T06:14:35.655000", "created": "2022-11-25T06:14:35.655000", "tags": [], "references": [ "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": "638049029d7ee65958dbe1f2", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 10, "FileHash-SHA256": 2, "domain": 3 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "1284 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "638049029d7ee65958dbe1f2", "name": "Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity", "description": "", "modified": "2022-11-25T04:48:02.905000", "created": "2022-11-25T04:48:02.905000", "tags": [], "references": [ "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": "637f72521f0b41ad3bf79630", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 10, "FileHash-SHA256": 2, "domain": 3 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "1284 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62985f3690ace88f8dca0c6d", "name": "SideWinder AntiBot Script | Group-IB", "description": "Researchers from Group-IB Threat Intelligence have discovered a new malicious infrastructure and a custom tool of the Indian nation-state cyber-attack group SideWinder, which has been targeting Pakistani targets since 2012.", "modified": "2022-07-02T00:05:39.094000", "created": "2022-06-02T06:56:54.767000", "tags": [ "sidewinder", "strong", "mimicry", "pakistan", "groupib", "screenshot", "groupib threat", "pakistani", "image", "intelligence", "team", "kill", "powershell", "canvas", "date" ], "references": [ "https://blog.group-ib.com/sidewinder-antibot" ], "public": 1, "adversary": "SideWinder", "targeted_countries": [ "China", "Singapore", "Bangladesh", "Philippines", "Myanmar", "Bhutan", "Sri Lanka", "Nepal", "Afghanistan", "Pakistan" ], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Military", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluewatcher", "id": "174522", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 490, "FileHash-MD5": 1, "FileHash-SHA1": 5, "FileHash-SHA256": 1, "domain": 8, "email": 1, "hostname": 103 }, "indicator_count": 609, "is_author": false, "is_subscribing": null, "subscriber_count": 112, "modified_text": "1430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6298582a5bd9e47d7996370f", "name": "SideWinder hackers plant fake Android VPN app in Google Play Store", "description": "", "modified": "2022-06-02T06:26:50.674000", "created": "2022-06-02T06:26:50.674000", "tags": [ "sidewinder", "groupib", "google play", "vpn app", "pakistan", "secure vpn", "data", "afghanistan", "sidewinder apt", "battery status", "twitter", "facebook", "android" ], "references": [ "https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "hostname": 8 }, "indicator_count": 9, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1460 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "securevpn.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "securevpn.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780326547.4957268 }