{ "type": "Domain", "indicator": "swb.one", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/swb.one", "alexa": "http://www.alexa.com/siteinfo/swb.one", "indicator": "swb.one", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 980157243, "indicator": "swb.one", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "5c74040799222a4797532187", "name": "PasteMiner", "description": "Mining attacks against Linux servers, using Pastebin for command and control.", "modified": "2019-06-11T22:11:47.347000", "created": "2019-02-25T15:04:39.462000", "tags": [ "mining", "linux" ], "references": [ "https://blog.scilabs.mx/pasteminer/", "https://blog.talosintelligence.com/2018/12/cryptomining-campaigns-2018.html", "https://cloud.tencent.com/developer/article/1353057" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 49, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 9, "FileHash-SHA256": 58, "URL": 78, "hostname": 26, "FileHash-MD5": 7 }, "indicator_count": 178, "is_author": false, "is_subscribing": null, "subscriber_count": 386534, "modified_text": "2545 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5c9a935fc43b7801e1ed3f05", "name": "Xwo - A Python-based bot scanner", "description": "Python-based bot compiled for Windows that has the ability to scan for default credentials in ftp, mysql, postgresql, mongodb, redis, memcached Tomcat, phpMyAdmin, VNC, RSYNC. It also has the ability to scan for default svn and GIT paths and www backup paths. Once it finds valid credentials, it reports them to a C2 address.", "modified": "2019-04-02T18:22:42.613000", "created": "2019-03-26T21:02:23.979000", "tags": [ "malware", "windows", "bot", "python", "postgresql", "mysql", "memcached", "redis", "RSYNC", "alien labs" ], "references": [ "https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 38, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 12, "FileHash-SHA256": 1, "hostname": 10, "domain": 5, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 386527, "modified_text": "2615 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5b0db2c6c1916a4c39846d10", "name": "Iron Cybercrime Group Under The Scope", "description": "In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam\u2019s leaked RCS source code. We discovered that this backdoor was developed by the Iron cybercrime group, the same group behind the Iron ransomware (rip-off Maktub ransomware recently discovered by Bart Parys), which we believe has been active for the past 18 months.", "modified": "2018-05-29T20:06:30.346000", "created": "2018-05-29T20:06:30.346000", "tags": [], "references": [ "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 68, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 49, "hostname": 6, "FileHash-SHA256": 107, "domain": 6 }, "indicator_count": 168, "is_author": false, "is_subscribing": null, "subscriber_count": 386554, "modified_text": "2923 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62761438439233d8adfc4f09", "name": "NewDom-4-20220507", "description": "ICANN-Dom", "modified": "2022-06-21T00:01:09.886000", "created": "2022-05-07T06:39:52.186000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 202, "modified_text": "1440 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "references": [ "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/", "https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner", "https://blog.talosintelligence.com/2018/12/cryptomining-campaigns-2018.html", "https://blog.scilabs.mx/pasteminer/", "https://cloud.tencent.com/developer/article/1353057" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "5c74040799222a4797532187", "name": "PasteMiner", "description": "Mining attacks against Linux servers, using Pastebin for command and control.", "modified": "2019-06-11T22:11:47.347000", "created": "2019-02-25T15:04:39.462000", "tags": [ "mining", "linux" ], "references": [ "https://blog.scilabs.mx/pasteminer/", "https://blog.talosintelligence.com/2018/12/cryptomining-campaigns-2018.html", "https://cloud.tencent.com/developer/article/1353057" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 49, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 9, "FileHash-SHA256": 58, "URL": 78, "hostname": 26, "FileHash-MD5": 7 }, "indicator_count": 178, "is_author": false, "is_subscribing": null, "subscriber_count": 386534, "modified_text": "2545 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5c9a935fc43b7801e1ed3f05", "name": "Xwo - A Python-based bot scanner", "description": "Python-based bot compiled for Windows that has the ability to scan for default credentials in ftp, mysql, postgresql, mongodb, redis, memcached Tomcat, phpMyAdmin, VNC, RSYNC. It also has the ability to scan for default svn and GIT paths and www backup paths. Once it finds valid credentials, it reports them to a C2 address.", "modified": "2019-04-02T18:22:42.613000", "created": "2019-03-26T21:02:23.979000", "tags": [ "malware", "windows", "bot", "python", "postgresql", "mysql", "memcached", "redis", "RSYNC", "alien labs" ], "references": [ "https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 38, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 12, "FileHash-SHA256": 1, "hostname": 10, "domain": 5, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 30, "is_author": false, "is_subscribing": null, "subscriber_count": 386527, "modified_text": "2615 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5b0db2c6c1916a4c39846d10", "name": "Iron Cybercrime Group Under The Scope", "description": "In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam\u2019s leaked RCS source code. We discovered that this backdoor was developed by the Iron cybercrime group, the same group behind the Iron ransomware (rip-off Maktub ransomware recently discovered by Bart Parys), which we believe has been active for the past 18 months.", "modified": "2018-05-29T20:06:30.346000", "created": "2018-05-29T20:06:30.346000", "tags": [], "references": [ "https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 68, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 49, "hostname": 6, "FileHash-SHA256": 107, "domain": 6 }, "indicator_count": 168, "is_author": false, "is_subscribing": null, "subscriber_count": 386554, "modified_text": "2923 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62761438439233d8adfc4f09", "name": "NewDom-4-20220507", "description": "ICANN-Dom", "modified": "2022-06-21T00:01:09.886000", "created": "2022-05-07T06:39:52.186000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 202, "modified_text": "1440 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "swb.one", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "swb.one", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780206314.0708935 }