{ "type": "Domain", "indicator": "techsprobe.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/techsprobe.com", "alexa": "http://www.alexa.com/siteinfo/techsprobe.com", "indicator": "techsprobe.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3772681669, "indicator": "techsprobe.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "66757e77c15026862d716955", "name": "EtherHiding: Binance's Smart Chain Hides Malicious Code A Novel Method", "description": "Threat actors have employed a new technique to distribute malicious code named \u201cEtherHiding,\u201d which abuses Binance\u2019s Smart Chain (BSC) contracts to host parts of a malicious code chain to hide them inside the blockchain.", "modified": "2024-07-21T13:01:56.518000", "created": "2024-06-21T13:21:59.371000", "tags": [ "cybersecurity", "cyberattack", "malware", "phishing", "firewall", "programming", "coding", "tanto", "tanto cyber", "cyber", "security", "machine learning", "ebook", "publication", "etherhiding", "smart chain", "wordpress", "guardio labs", "clearfake", "hides malicious", "code a", "novel method", "light mode", "dark mode", "redline", "amadey" ], "references": [ "https://tantocyber.info/news/detail/105/etherhiding-binances-smart-chain-hides-malicious-code-a-novel-method" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "URL": 2, "domain": 38 }, "indicator_count": 79, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "678 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "667425ce4a185bfbe4e56e26", "name": "Malware Disguised as PowerShell Root Certificate Fixes", "description": "A complete list of key information on the cyber security threats facing the world, as compiled by the International Institute of Strategic Studies (IoC), from 20 June 2024 to 20 July 2024..", "modified": "2024-07-20T12:00:12.902000", "created": "2024-06-20T12:51:26.249000", "tags": [ "classification", "compromise", "urls", "cyber", "threat", "june", "time", "crypto cyber", "defence", "hashes" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 16, "URL": 6, "domain": 40, "hostname": 2 }, "indicator_count": 96, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "679 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652e2128c72de981b8bd160b", "name": "Binance Smart Chain vulnerable to 'EtherHiding' Malware Exploitation", "description": "", "modified": "2023-11-16T07:01:26.974000", "created": "2023-10-17T05:52:40.687000", "tags": [], "references": [ "October 16th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3414 - Binance Smart Chain vulnerable to 'EtherHiding' Malware Exploitation.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 27, "FileHash-SHA1": 26, "FileHash-SHA256": 27, "URL": 2, "domain": 72, "hostname": 2 }, "indicator_count": 156, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "927 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652e3c00828a6ec4d9d465b0", "name": "EtherHiding: A Novel Technique to Hide Malicious Code", "description": "A new technique to distribute malicious code using Binance\u2019s smart chain has been uncovered by cyber security researchers. \u00a32.5m (1.8m euros) in total.", "modified": "2023-11-16T07:01:26.974000", "created": "2023-10-17T07:47:12.664000", "tags": [ "guardio labs", "wordpress", "clearfake", "etherhiding", "binance", "smart chain", "javascript", "redline", "amadey", "document free", "malware", "protect" ], "references": [ "https://cybersecuritynews.com/etherhiding-a-novel-technique-to-hide-malicious-code/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Amadey", "display_name": "Amadey", "target": null }, { "id": "EtherHiding", "display_name": "EtherHiding", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 36, "URL": 1 }, "indicator_count": 76, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "927 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652cea1ea4d132759b92b269", "name": "ClearFake Malware Analysis | malware-analysis", "description": "Here\u2019s a look at some of the Javascript injections being used in a fake update campaign for Google Chrome, known as SocGholish, which appears to be running from a compromised website.", "modified": "2023-11-15T07:05:53.201000", "created": "2023-10-16T07:45:34.149000", "tags": [ "binance", "wordpress", "clearfake", "wordpress site", "blockchain", "etherhiding", "code", "javascript code", "array", "script", "redline", "amadey", "mask", "june", "possible", "malicious", "javascript", "payload", "july", "analysis", "randy mceoin", "publicwww", "socgholish", "chrome", "fiddler", "download" ], "references": [ "https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16", "https://rmceoin.github.io/malware-analysis/clearfake/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ClearFake", "display_name": "ClearFake", "target": null }, { "id": "Amadey", "display_name": "Amadey", "target": null } ], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 4, "FileHash-SHA256": 14, "URL": 7, "domain": 43, "hostname": 1 }, "indicator_count": 74, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "928 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16", "https://cybersecuritynews.com/etherhiding-a-novel-technique-to-hide-malicious-code/", "https://rmceoin.github.io/malware-analysis/clearfake/", "October 16th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3414 - Binance Smart Chain vulnerable to 'EtherHiding' Malware Exploitation.pdf", "https://tantocyber.info/news/detail/105/etherhiding-binances-smart-chain-hides-malicious-code-a-novel-method" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Clearfake", "Etherhiding", "Amadey" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "66757e77c15026862d716955", "name": "EtherHiding: Binance's Smart Chain Hides Malicious Code A Novel Method", "description": "Threat actors have employed a new technique to distribute malicious code named \u201cEtherHiding,\u201d which abuses Binance\u2019s Smart Chain (BSC) contracts to host parts of a malicious code chain to hide them inside the blockchain.", "modified": "2024-07-21T13:01:56.518000", "created": "2024-06-21T13:21:59.371000", "tags": [ "cybersecurity", "cyberattack", "malware", "phishing", "firewall", "programming", "coding", "tanto", "tanto cyber", "cyber", "security", "machine learning", "ebook", "publication", "etherhiding", "smart chain", "wordpress", "guardio labs", "clearfake", "hides malicious", "code a", "novel method", "light mode", "dark mode", "redline", "amadey" ], "references": [ "https://tantocyber.info/news/detail/105/etherhiding-binances-smart-chain-hides-malicious-code-a-novel-method" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "URL": 2, "domain": 38 }, "indicator_count": 79, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "678 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "667425ce4a185bfbe4e56e26", "name": "Malware Disguised as PowerShell Root Certificate Fixes", "description": "A complete list of key information on the cyber security threats facing the world, as compiled by the International Institute of Strategic Studies (IoC), from 20 June 2024 to 20 July 2024..", "modified": "2024-07-20T12:00:12.902000", "created": "2024-06-20T12:51:26.249000", "tags": [ "classification", "compromise", "urls", "cyber", "threat", "june", "time", "crypto cyber", "defence", "hashes" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 16, "URL": 6, "domain": 40, "hostname": 2 }, "indicator_count": 96, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "679 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652e2128c72de981b8bd160b", "name": "Binance Smart Chain vulnerable to 'EtherHiding' Malware Exploitation", "description": "", "modified": "2023-11-16T07:01:26.974000", "created": "2023-10-17T05:52:40.687000", "tags": [], "references": [ "October 16th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3414 - Binance Smart Chain vulnerable to 'EtherHiding' Malware Exploitation.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 27, "FileHash-SHA1": 26, "FileHash-SHA256": 27, "URL": 2, "domain": 72, "hostname": 2 }, "indicator_count": 156, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "927 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652e3c00828a6ec4d9d465b0", "name": "EtherHiding: A Novel Technique to Hide Malicious Code", "description": "A new technique to distribute malicious code using Binance\u2019s smart chain has been uncovered by cyber security researchers. \u00a32.5m (1.8m euros) in total.", "modified": "2023-11-16T07:01:26.974000", "created": "2023-10-17T07:47:12.664000", "tags": [ "guardio labs", "wordpress", "clearfake", "etherhiding", "binance", "smart chain", "javascript", "redline", "amadey", "document free", "malware", "protect" ], "references": [ "https://cybersecuritynews.com/etherhiding-a-novel-technique-to-hide-malicious-code/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Amadey", "display_name": "Amadey", "target": null }, { "id": "EtherHiding", "display_name": "EtherHiding", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 13, "domain": 36, "URL": 1 }, "indicator_count": 76, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "927 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652cea1ea4d132759b92b269", "name": "ClearFake Malware Analysis | malware-analysis", "description": "Here\u2019s a look at some of the Javascript injections being used in a fake update campaign for Google Chrome, known as SocGholish, which appears to be running from a compromised website.", "modified": "2023-11-15T07:05:53.201000", "created": "2023-10-16T07:45:34.149000", "tags": [ "binance", "wordpress", "clearfake", "wordpress site", "blockchain", "etherhiding", "code", "javascript code", "array", "script", "redline", "amadey", "mask", "june", "possible", "malicious", "javascript", "payload", "july", "analysis", "randy mceoin", "publicwww", "socgholish", "chrome", "fiddler", "download" ], "references": [ "https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16", "https://rmceoin.github.io/malware-analysis/clearfake/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ClearFake", "display_name": "ClearFake", "target": null }, { "id": "Amadey", "display_name": "Amadey", "target": null } ], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 4, "FileHash-SHA256": 14, "URL": 7, "domain": 43, "hostname": 1 }, "indicator_count": 74, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "928 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "techsprobe.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "techsprobe.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780214269.9189477 }