{ "type": "Domain", "indicator": "thepetrosolution.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/thepetrosolution.com", "alexa": "http://www.alexa.com/siteinfo/thepetrosolution.com", "indicator": "thepetrosolution.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3466215766, "indicator": "thepetrosolution.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "63d7a3b4d313f9bc61f5e2df", "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers", "description": "", "modified": "2023-01-30T11:02:12.246000", "created": "2023-01-30T11:02:12.246000", "tags": [], "references": [ "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf", "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html", "https://twitter.com/CyberAmyHB/status/1532398956918890500" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "629f09efc654decd2834e4d9", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "1216 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "629f09efc654decd2834e4d9", "name": " Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers", "description": "", "modified": "2022-06-07T08:18:55.253000", "created": "2022-06-07T08:18:55.253000", "tags": [], "references": [ "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf", "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html", "https://twitter.com/CyberAmyHB/status/1532398956918890500" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "629df6517d7445e4719ddca8", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1454 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "629df6517d7445e4719ddca8", "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers", "description": "To halt the malicious activities of Bohrium, Microsoft said it took down 41 \".com,\" \".info,\" \".live,\" \".me,\" \".net,\" \".org,\" and \".xyz\" domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign.", "modified": "2022-06-06T12:42:57.024000", "created": "2022-06-06T12:42:57.024000", "tags": [], "references": [ "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf", "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html", "https://twitter.com/CyberAmyHB/status/1532398956918890500" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluewatcher", "id": "174522", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "1454 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6299dc25ec4abd68c8f8b165", "name": "Microsoft Digital Crimes Unit takes down BOHRIUM (Iranian APT) domains", "description": "Bohrium specializes in spearphishing operations which are designed to steal user credentials and other sensitive information from computers connected to the Internet by infecting the targeted computers with malicious software (\u201cmalware\u201d). The precise identities and locations of those behind the Bohrium activity are generally unknown but have been linked by many in the security community to an Iranian group or groups.", "modified": "2022-06-03T10:02:13.138000", "created": "2022-06-03T10:02:13.138000", "tags": [], "references": [ "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Appendix%20A%20-%20Domains.pdf", "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Complaint.pdf", "https://noticeofpleadings.com/bohrium/", "https://twitter.com/CyberAmyHB/status/1532398956918890500?s=20&t=n199vileVN6Ft2pyYt0KUw" ], "public": 1, "adversary": "BOHRIUM", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BushidoToken", "id": "110921", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110921/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 177, "modified_text": "1458 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html", "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf", "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Appendix%20A%20-%20Domains.pdf", "https://noticeofpleadings.com/bohrium/", "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Complaint.pdf", "https://twitter.com/CyberAmyHB/status/1532398956918890500", "https://twitter.com/CyberAmyHB/status/1532398956918890500?s=20&t=n199vileVN6Ft2pyYt0KUw" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "BOHRIUM" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "63d7a3b4d313f9bc61f5e2df", "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers", "description": "", "modified": "2023-01-30T11:02:12.246000", "created": "2023-01-30T11:02:12.246000", "tags": [], "references": [ "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf", "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html", "https://twitter.com/CyberAmyHB/status/1532398956918890500" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "629f09efc654decd2834e4d9", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "1216 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "629f09efc654decd2834e4d9", "name": " Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers", "description": "", "modified": "2022-06-07T08:18:55.253000", "created": "2022-06-07T08:18:55.253000", "tags": [], "references": [ "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf", "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html", "https://twitter.com/CyberAmyHB/status/1532398956918890500" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "629df6517d7445e4719ddca8", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1454 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "629df6517d7445e4719ddca8", "name": "Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers", "description": "To halt the malicious activities of Bohrium, Microsoft said it took down 41 \".com,\" \".info,\" \".live,\" \".me,\" \".net,\" \".org,\" and \".xyz\" domains that were used as command-and-control infrastructure to facilitate the spear-phishing campaign.", "modified": "2022-06-06T12:42:57.024000", "created": "2022-06-06T12:42:57.024000", "tags": [], "references": [ "https://news.microsoft.com/wp-content/uploads/prod/sites/358/2022/06/Doc.-No.-16-Ex-parte-TRO-SEALED.pdf", "https://thehackernews.com/2022/06/microsoft-seizes-41-domains-used-in.html", "https://twitter.com/CyberAmyHB/status/1532398956918890500" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluewatcher", "id": "174522", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "1454 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6299dc25ec4abd68c8f8b165", "name": "Microsoft Digital Crimes Unit takes down BOHRIUM (Iranian APT) domains", "description": "Bohrium specializes in spearphishing operations which are designed to steal user credentials and other sensitive information from computers connected to the Internet by infecting the targeted computers with malicious software (\u201cmalware\u201d). The precise identities and locations of those behind the Bohrium activity are generally unknown but have been linked by many in the security community to an Iranian group or groups.", "modified": "2022-06-03T10:02:13.138000", "created": "2022-06-03T10:02:13.138000", "tags": [], "references": [ "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Appendix%20A%20-%20Domains.pdf", "https://noticeofpleadings.com/Bohrium/files/Complaint_and_Summons/Complaint.pdf", "https://noticeofpleadings.com/bohrium/", "https://twitter.com/CyberAmyHB/status/1532398956918890500?s=20&t=n199vileVN6Ft2pyYt0KUw" ], "public": 1, "adversary": "BOHRIUM", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BushidoToken", "id": "110921", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110921/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 177, "modified_text": "1458 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "thepetrosolution.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "thepetrosolution.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780223467.0248842 }