{
  "type": "Domain",
  "indicator": "singtelcom.site",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/singtelcom.site",
    "alexa": "http://www.alexa.com/siteinfo/singtelcom.site",
    "indicator": "singtelcom.site",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4077958086,
      "indicator": "singtelcom.site",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "6a1aa0aab0805ffecffdb01d",
          "name": "Introducing Showboat: A new malware family taunts defenses and targets international telecom firms.",
          "description": "A newly identified Linux malware family, referred to as Showboat, has been linked to persistent cyber campaigns against international telecommunications firms. Discovered by Black Lotus Labs, Showboat has been operational since mid-2022 and operates as a modular post-exploitation framework that lets attackers spawn remote shells and transfer files, and that can function as a SOCKS5 proxy. It has been associated with activity clusters reportedly aligned with the People's Republic of China (PRC), affecting telecom providers in the Middle East and impersonating firms in Southeast Asia.",
          "modified": "2026-05-30T08:32:42.386000",
          "created": "2026-05-30T08:32:42.386000",
          "tags": [
            "new malware discovery",
            "black lotus",
            "labs",
            "showboat",
            "lumen",
            "c2 node",
            "socks5",
            "ip address",
            "virustotal",
            "uuid",
            "linux malware",
            "organization",
            "poisonivy",
            "shadowpad",
            "malware",
            "april",
            "blizzard",
            "february",
            "ukraine"
          ],
          "references": [
            "https://www.lumen.com/blog/en-us/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1001",
              "name": "Data Obfuscation",
              "display_name": "T1001 - Data Obfuscation"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059.004",
              "name": "Unix Shell",
              "display_name": "T1059.004 - Unix Shell"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1090.001",
              "name": "Internal Proxy",
              "display_name": "T1090.001 - Internal Proxy"
            },
            {
              "id": "T1102.001",
              "name": "Dead Drop Resolver",
              "display_name": "T1102.001 - Dead Drop Resolver"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1132.001",
              "name": "Standard Encoding",
              "display_name": "T1132.001 - Standard Encoding"
            }
          ],
          "industries": [
            "Telecommunication",
            "Critical_infrastructure"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "PetrP.73",
            "id": "154605",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 4,
            "IPv4": 7,
            "domain": 2,
            "hostname": 1
          },
          "indicator_count": 14,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 540,
          "modified_text": "23 hours ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6986702a24ffb69e6051aab2",
          "name": "Chinese hacker group Stately Taurus continues global espionage operations",
          "description": "Cybersecurity experts from Palo Alto Networks' Unit 42 have documented ongoing activity by Chinese hacker group Stately Taurus, also known as Mustang Panda. According to the latest data released on August 1, 2025, the group maintains global reach and continues to conduct intelligence operations around the world.",
          "modified": "2026-02-06T22:50:18.534000",
          "created": "2026-02-06T22:50:18.534000",
          "tags": [
            "stately taurus",
            "statelytaurus",
            "mustang panda",
            "mustangpanda"
          ],
          "references": [
            "https://1275.ru/ioc/kitayskaya-hakerskaya-gruppa-stately-taurus-prodolzhaet-globalnye-shpionskie-operatsii_16137"
          ],
          "public": 1,
          "adversary": "Stately Taurus",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "merc922x",
            "id": "30199",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 51,
            "hostname": 5
          },
          "indicator_count": 56,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 36,
          "modified_text": "113 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "685453004a1557f92d87c042",
          "name": "ACTIVIDAD MALICIOSA | Relacion de Dominios maliciosos con 25 malware identificados",
          "description": "Relacion de Dominios maliciosos con 25 malware identificados",
          "modified": "2025-06-19T18:12:16.902000",
          "created": "2025-06-19T18:12:16.902000",
          "tags": [
            "beacon limeworm",
            "amos havoc",
            "gafgyt remvio",
            "xworm scarimson",
            "doplugs",
            "vidar"
          ],
          "references": [
            "https://www.virustotal.com/graph/embed/g509ec2be059d4f759a7a2d096d39b283b24fcb047b8f43b0a6af988f918b652d?theme=light",
            "https://www.virustotal.com/gui/collection/fda5f66791f1dc273e3b1a17be24b487c10b4c1d230d7286cbf5c7ac61796e9b/iocs"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "BEACON",
              "display_name": "BEACON",
              "target": null
            },
            {
              "id": "Vidar",
              "display_name": "Vidar",
              "target": null
            },
            {
              "id": "Lime-Worm",
              "display_name": "Lime-Worm",
              "target": null
            },
            {
              "id": "SocGholish - S1124",
              "display_name": "SocGholish - S1124",
              "target": null
            },
            {
              "id": "LummaStealer",
              "display_name": "LummaStealer",
              "target": null
            },
            {
              "id": "AMOS",
              "display_name": "AMOS",
              "target": null
            },
            {
              "id": "Havoc",
              "display_name": "Havoc",
              "target": null
            },
            {
              "id": "Amatera",
              "display_name": "Amatera",
              "target": null
            },
            {
              "id": "BlueNoroff",
              "display_name": "BlueNoroff",
              "target": null
            },
            {
              "id": "Gafgyt",
              "display_name": "Gafgyt",
              "target": null
            },
            {
              "id": "Remvio",
              "display_name": "Remvio",
              "target": null
            },
            {
              "id": "MetaStealer",
              "display_name": "MetaStealer",
              "target": null
            },
            {
              "id": "QUASARRAT",
              "display_name": "QUASARRAT",
              "target": null
            },
            {
              "id": "DCRat",
              "display_name": "DCRat",
              "target": null
            },
            {
              "id": "Rhadamanthys",
              "display_name": "Rhadamanthys",
              "target": null
            },
            {
              "id": "ACRStealer",
              "display_name": "ACRStealer",
              "target": null
            },
            {
              "id": "Nimplant",
              "display_name": "Nimplant",
              "target": null
            },
            {
              "id": "RevengeRAT",
              "display_name": "RevengeRAT",
              "target": null
            },
            {
              "id": "AsyncRAT - S1087",
              "display_name": "AsyncRAT - S1087",
              "target": null
            },
            {
              "id": "XWorm",
              "display_name": "XWorm",
              "target": null
            },
            {
              "id": "Trojan:MSIL/Scarimson",
              "display_name": "Trojan:MSIL/Scarimson",
              "target": "/malware/Trojan:MSIL/Scarimson"
            },
            {
              "id": "SpyderPatchwork",
              "display_name": "SpyderPatchwork",
              "target": null
            },
            {
              "id": "Jenxcus",
              "display_name": "Jenxcus",
              "target": null
            },
            {
              "id": "GHOSTPULSE",
              "display_name": "GHOSTPULSE",
              "target": null
            },
            {
              "id": "DOPLUGS",
              "display_name": "DOPLUGS",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 22,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "esoporteingenieria2020",
            "id": "121604",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 1120,
            "hostname": 60
          },
          "indicator_count": 1180,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 266,
          "modified_text": "345 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.lumen.com/blog/en-us/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms",
        "https://1275.ru/ioc/kitayskaya-hakerskaya-gruppa-stately-taurus-prodolzhaet-globalnye-shpionskie-operatsii_16137",
        "https://www.virustotal.com/graph/embed/g509ec2be059d4f759a7a2d096d39b283b24fcb047b8f43b0a6af988f918b652d?theme=light",
        "https://www.virustotal.com/gui/collection/fda5f66791f1dc273e3b1a17be24b487c10b4c1d230d7286cbf5c7ac61796e9b/iocs"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Stately Taurus"
          ],
          "malware_families": [
            "Spyderpatchwork",
            "Doplugs",
            "Nimplant",
            "Vidar",
            "Rhadamanthys",
            "Havoc",
            "Socgholish - s1124",
            "Amos",
            "Metastealer",
            "Ghostpulse",
            "Bluenoroff",
            "Gafgyt",
            "Xworm",
            "Lummastealer",
            "Remvio",
            "Asyncrat - s1087",
            "Acrstealer",
            "Quasarrat",
            "Trojan:msil/scarimson",
            "Amatera",
            "Lime-worm",
            "Dcrat",
            "Beacon",
            "Revengerat",
            "Jenxcus"
          ],
          "industries": [
            "Critical_infrastructure",
            "Telecommunication"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "6a1aa0aab0805ffecffdb01d",
      "name": "Introducing Showboat: A new malware family taunts defenses and targets international telecom firms.",
      "description": "A newly identified Linux malware family, referred to as Showboat, has been linked to persistent cyber campaigns against international telecommunications firms. Discovered by Black Lotus Labs, Showboat has been operational since mid-2022 and operates as a modular post-exploitation framework that lets attackers spawn remote shells and transfer files, and that can function as a SOCKS5 proxy. It has been associated with activity clusters reportedly aligned with the People's Republic of China (PRC), affecting telecom providers in the Middle East and impersonating firms in Southeast Asia.",
      "modified": "2026-05-30T08:32:42.386000",
      "created": "2026-05-30T08:32:42.386000",
      "tags": [
        "new malware discovery",
        "black lotus",
        "labs",
        "showboat",
        "lumen",
        "c2 node",
        "socks5",
        "ip address",
        "virustotal",
        "uuid",
        "linux malware",
        "organization",
        "poisonivy",
        "shadowpad",
        "malware",
        "april",
        "blizzard",
        "february",
        "ukraine"
      ],
      "references": [
        "https://www.lumen.com/blog/en-us/introducing-showboat-a-new-malware-family-taunts-defenses-and-targets-international-telecom-firms"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1001",
          "name": "Data Obfuscation",
          "display_name": "T1001 - Data Obfuscation"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059.004",
          "name": "Unix Shell",
          "display_name": "T1059.004 - Unix Shell"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1090.001",
          "name": "Internal Proxy",
          "display_name": "T1090.001 - Internal Proxy"
        },
        {
          "id": "T1102.001",
          "name": "Dead Drop Resolver",
          "display_name": "T1102.001 - Dead Drop Resolver"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1132.001",
          "name": "Standard Encoding",
          "display_name": "T1132.001 - Standard Encoding"
        }
      ],
      "industries": [
        "Telecommunication",
        "Critical_infrastructure"
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "PetrP.73",
        "id": "154605",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 4,
        "IPv4": 7,
        "domain": 2,
        "hostname": 1
      },
      "indicator_count": 14,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 540,
      "modified_text": "23 hours ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6986702a24ffb69e6051aab2",
      "name": "Chinese hacker group Stately Taurus continues global espionage operations",
      "description": "Cybersecurity experts from Palo Alto Networks' Unit 42 have documented ongoing activity by Chinese hacker group Stately Taurus, also known as Mustang Panda. According to the latest data released on August 1, 2025, the group maintains global reach and continues to conduct intelligence operations around the world.",
      "modified": "2026-02-06T22:50:18.534000",
      "created": "2026-02-06T22:50:18.534000",
      "tags": [
        "stately taurus",
        "statelytaurus",
        "mustang panda",
        "mustangpanda"
      ],
      "references": [
        "https://1275.ru/ioc/kitayskaya-hakerskaya-gruppa-stately-taurus-prodolzhaet-globalnye-shpionskie-operatsii_16137"
      ],
      "public": 1,
      "adversary": "Stately Taurus",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "merc922x",
        "id": "30199",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 51,
        "hostname": 5
      },
      "indicator_count": 56,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 36,
      "modified_text": "113 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "685453004a1557f92d87c042",
      "name": "ACTIVIDAD MALICIOSA | Relacion de Dominios maliciosos con 25 malware identificados",
      "description": "Relacion de Dominios maliciosos con 25 malware identificados",
      "modified": "2025-06-19T18:12:16.902000",
      "created": "2025-06-19T18:12:16.902000",
      "tags": [
        "beacon limeworm",
        "amos havoc",
        "gafgyt remvio",
        "xworm scarimson",
        "doplugs",
        "vidar"
      ],
      "references": [
        "https://www.virustotal.com/graph/embed/g509ec2be059d4f759a7a2d096d39b283b24fcb047b8f43b0a6af988f918b652d?theme=light",
        "https://www.virustotal.com/gui/collection/fda5f66791f1dc273e3b1a17be24b487c10b4c1d230d7286cbf5c7ac61796e9b/iocs"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "BEACON",
          "display_name": "BEACON",
          "target": null
        },
        {
          "id": "Vidar",
          "display_name": "Vidar",
          "target": null
        },
        {
          "id": "Lime-Worm",
          "display_name": "Lime-Worm",
          "target": null
        },
        {
          "id": "SocGholish - S1124",
          "display_name": "SocGholish - S1124",
          "target": null
        },
        {
          "id": "LummaStealer",
          "display_name": "LummaStealer",
          "target": null
        },
        {
          "id": "AMOS",
          "display_name": "AMOS",
          "target": null
        },
        {
          "id": "Havoc",
          "display_name": "Havoc",
          "target": null
        },
        {
          "id": "Amatera",
          "display_name": "Amatera",
          "target": null
        },
        {
          "id": "BlueNoroff",
          "display_name": "BlueNoroff",
          "target": null
        },
        {
          "id": "Gafgyt",
          "display_name": "Gafgyt",
          "target": null
        },
        {
          "id": "Remvio",
          "display_name": "Remvio",
          "target": null
        },
        {
          "id": "MetaStealer",
          "display_name": "MetaStealer",
          "target": null
        },
        {
          "id": "QUASARRAT",
          "display_name": "QUASARRAT",
          "target": null
        },
        {
          "id": "DCRat",
          "display_name": "DCRat",
          "target": null
        },
        {
          "id": "Rhadamanthys",
          "display_name": "Rhadamanthys",
          "target": null
        },
        {
          "id": "ACRStealer",
          "display_name": "ACRStealer",
          "target": null
        },
        {
          "id": "Nimplant",
          "display_name": "Nimplant",
          "target": null
        },
        {
          "id": "RevengeRAT",
          "display_name": "RevengeRAT",
          "target": null
        },
        {
          "id": "AsyncRAT - S1087",
          "display_name": "AsyncRAT - S1087",
          "target": null
        },
        {
          "id": "XWorm",
          "display_name": "XWorm",
          "target": null
        },
        {
          "id": "Trojan:MSIL/Scarimson",
          "display_name": "Trojan:MSIL/Scarimson",
          "target": "/malware/Trojan:MSIL/Scarimson"
        },
        {
          "id": "SpyderPatchwork",
          "display_name": "SpyderPatchwork",
          "target": null
        },
        {
          "id": "Jenxcus",
          "display_name": "Jenxcus",
          "target": null
        },
        {
          "id": "GHOSTPULSE",
          "display_name": "GHOSTPULSE",
          "target": null
        },
        {
          "id": "DOPLUGS",
          "display_name": "DOPLUGS",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 22,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "esoporteingenieria2020",
        "id": "121604",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 1120,
        "hostname": 60
      },
      "indicator_count": 1180,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 266,
      "modified_text": "345 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "singtelcom.site",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "singtelcom.site",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780215839.4839957
}