{
  "type": "Domain",
  "indicator": "serveer.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/serveer.com",
    "alexa": "http://www.alexa.com/siteinfo/serveer.com",
    "indicator": "serveer.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3419840159,
      "indicator": "serveer.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "624ff5fdc775e84ef8bd5850",
          "name": "Cyber attack of UAC-0010 group (Armageddon) on state organizations of Ukraine",
          "description": "The Governmental Team for Response to Computer Emergencies of Ukraine (CERT-UA) received, from a coordinating entity, an e-mail with the subject \"\u21161275 from 07.04.2022\" that contained an HTML file of the same name. Opening the HTML file creates the archive \"1275_07.04.2022.rar\" on the computer. The archive contains an LNK file, \"On the facts of persecution and murder of prosecutors by the Russian military in the temporarily occupied territories.lnk\"; opening it downloads and launches the payload.",
          "modified": "2022-05-08T00:03:14.586000",
          "created": "2022-04-08T08:44:44.856000",
          "tags": [
            "Gamaredon",
            "Armageddon",
            "UAC-0010",
            "Primitive Bear",
            "geopolitical conflict"
          ],
          "references": [
            "https://cert.gov.ua/article/39386"
          ],
          "public": 1,
          "adversary": "Gamaredon Group",
          "targeted_countries": [
            "Ukraine"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1193",
              "name": "Spearphishing Attachment",
              "display_name": "T1193 - Spearphishing Attachment"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 290,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 15,
            "URL": 1,
            "email": 1,
            "hostname": 7,
            "FileHash-MD5": 5,
            "FileHash-SHA256": 5
          },
          "indicator_count": 34,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 387016,
          "modified_text": "1487 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://cert.gov.ua/article/39386"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "Gamaredon Group"
          ],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "624ff5fdc775e84ef8bd5850",
      "name": "Cyber attack of UAC-0010 group (Armageddon) on state organizations of Ukraine",
      "description": "The Governmental Team for Response to Computer Emergencies of Ukraine (CERT-UA) received, from a coordinating entity, an e-mail with the subject \"\u21161275 from 07.04.2022\" that contained an HTML file of the same name. Opening the HTML file creates the archive \"1275_07.04.2022.rar\" on the computer. The archive contains an LNK file, \"On the facts of persecution and murder of prosecutors by the Russian military in the temporarily occupied territories.lnk\"; opening it downloads and launches the payload.",
      "modified": "2022-05-08T00:03:14.586000",
      "created": "2022-04-08T08:44:44.856000",
      "tags": [
        "Gamaredon",
        "Armageddon",
        "UAC-0010",
        "Primitive Bear",
        "geopolitical conflict"
      ],
      "references": [
        "https://cert.gov.ua/article/39386"
      ],
      "public": 1,
      "adversary": "Gamaredon Group",
      "targeted_countries": [
        "Ukraine"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1193",
          "name": "Spearphishing Attachment",
          "display_name": "T1193 - Spearphishing Attachment"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 290,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 15,
        "URL": 1,
        "email": 1,
        "hostname": 7,
        "FileHash-MD5": 5,
        "FileHash-SHA256": 5
      },
      "indicator_count": 34,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 387016,
      "modified_text": "1487 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "serveer.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "serveer.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780463051.3723402
}