{ "type": "Domain", "indicator": "securevpnhelp.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/securevpnhelp.net", "alexa": "http://www.alexa.com/siteinfo/securevpnhelp.net", "indicator": "securevpnhelp.net", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 23407, "indicator": "securevpnhelp.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "59835ab512e87f3c86cb5886", "name": "The Retefe Saga", "description": "Surprisingly, there is a lot of media attention going on at the moment on a macOS malware called OSX/Dok. In the recent weeks, various anti-virus vendors and security researchers published blog posts on this threat, presenting their analysis and findings. While some findings where very interesting, others were misleading or simply wrong.", "modified": "2017-08-03T17:17:41.937000", "created": "2017-08-03T17:17:41.937000", "tags": [ "citadel", "retefe", "tinba" ], "references": [ "https://www.govcert.admin.ch/blog/33/the-retefe-saga" ], "public": 1, "adversary": "Citadel", "targeted_countries": [ "Switzerland" ], "malware_families": [], "attack_ids": [], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 60, "upvotes_count": 2.0, "downvotes_count": 0.0, "votes_count": 2.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 36, "URL": 158, "hostname": 2, "FileHash-MD5": 72 }, "indicator_count": 268, "is_author": false, "is_subscribing": null, "subscriber_count": 386611, "modified_text": "3222 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "55d660414637f26859c18be8", "name": "Retefe Banking Trojan", "description": "(PaloAlto) Retefe is one of the most targeted banking Trojans currently in the wild. While other families such as Zeus and Citadel are widely adopted by attackers targeting banking websites around the world, Retefe is consistently used to target victims in Sweden, Switzerland and Japan.\n\nThis Pulse includes indicators extended from Alienvault Labs Intelligence", "modified": "2017-07-25T15:37:20.060000", "created": "2015-08-20T23:18:25.201000", "tags": [ "retefe", "trojan", "powershell", "japan", "sweden", "SWITZERLAND", "smokeloader", "ssl", "banker" ], "references": [ "http://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 47, "upvotes_count": 1.0, "downvotes_count": 0.0, "votes_count": 1.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7, "domain": 8, "URL": 1, "YARA": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 386564, "modified_text": "3232 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657079c3ce2c76e609927307", "name": "Retefe Banking Trojan", "description": "", "modified": "2023-12-06T13:40:19.254000", "created": "2023-12-06T13:40:19.254000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7, "domain": 8, "URL": 1, "YARA": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.govcert.admin.ch/blog/33/the-retefe-saga", "http://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/" ], "related": { "alienvault": { "adversary": [ "Citadel" ], "malware_families": [], "industries": [ "Finance" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "59835ab512e87f3c86cb5886", "name": "The Retefe Saga", "description": "Surprisingly, there is a lot of media attention going on at the moment on a macOS malware called OSX/Dok. In the recent weeks, various anti-virus vendors and security researchers published blog posts on this threat, presenting their analysis and findings. While some findings where very interesting, others were misleading or simply wrong.", "modified": "2017-08-03T17:17:41.937000", "created": "2017-08-03T17:17:41.937000", "tags": [ "citadel", "retefe", "tinba" ], "references": [ "https://www.govcert.admin.ch/blog/33/the-retefe-saga" ], "public": 1, "adversary": "Citadel", "targeted_countries": [ "Switzerland" ], "malware_families": [], "attack_ids": [], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 60, "upvotes_count": 2.0, "downvotes_count": 0.0, "votes_count": 2.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 36, "URL": 158, "hostname": 2, "FileHash-MD5": 72 }, "indicator_count": 268, "is_author": false, "is_subscribing": null, "subscriber_count": 386611, "modified_text": "3222 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "55d660414637f26859c18be8", "name": "Retefe Banking Trojan", "description": "(PaloAlto) Retefe is one of the most targeted banking Trojans currently in the wild. While other families such as Zeus and Citadel are widely adopted by attackers targeting banking websites around the world, Retefe is consistently used to target victims in Sweden, Switzerland and Japan.\n\nThis Pulse includes indicators extended from Alienvault Labs Intelligence", "modified": "2017-07-25T15:37:20.060000", "created": "2015-08-20T23:18:25.201000", "tags": [ "retefe", "trojan", "powershell", "japan", "sweden", "SWITZERLAND", "smokeloader", "ssl", "banker" ], "references": [ "http://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 47, "upvotes_count": 1.0, "downvotes_count": 0.0, "votes_count": 1.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7, "domain": 8, "URL": 1, "YARA": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 386564, "modified_text": "3232 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657079c3ce2c76e609927307", "name": "Retefe Banking Trojan", "description": "", "modified": "2023-12-06T13:40:19.254000", "created": "2023-12-06T13:40:19.254000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7, "domain": 8, "URL": 1, "YARA": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "securevpnhelp.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "securevpnhelp.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780242124.1608343 }