{ "type": "Domain", "indicator": "tjglmy.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/tjglmy.com", "alexa": "http://www.alexa.com/siteinfo/tjglmy.com", "indicator": "tjglmy.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 701546266, "indicator": "tjglmy.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "5aec1ab38170f445dbd22f2b", "name": "An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers", "description": "We assess with high confidence that the Winnti umbrella is associated with the Chinese state intelligence apparatus, with at least some elements located in the Xicheng District of Beijing.\n\nA number of Chinese state intelligence operations from 2009 to 2018 that were previously unconnected publicly are in fact linked to the Winnti umbrella.\n\nWe assess with high confidence that multiple publicly reported threat actors operate with some shared goals and resources as part of the Chinese state intelligence apparatus. Report from Tom Hegel of 401TRG.\n\nInitial attack targets are commonly software and gaming organizations in United States, Japan, South Korea, and China. Later stage high profile targets tend to be politically motivated or high value technology organizations.", "modified": "2019-11-25T15:17:27.952000", "created": "2018-05-04T08:32:51.904000", "tags": [ "china", "APT41" ], "references": [ "https://401trg.pw/burning-umbrella/" ], "public": 1, "adversary": "APT41", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 159, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 3, "FileHash-SHA256": 3, "domain": 49, "hostname": 203, "FileHash-MD5": 236, "FileHash-SHA1": 22 }, "indicator_count": 516, "is_author": false, "is_subscribing": null, "subscriber_count": 376826, "modified_text": "2332 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707ae885e2a9a917487146", "name": "An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers", "description": "", "modified": "2023-12-06T13:45:12.043000", "created": "2023-12-06T13:45:12.043000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3, "FileHash-SHA256": 3, "domain": 49, "hostname": 203, "FileHash-MD5": 236, "FileHash-SHA1": 22 }, "indicator_count": 516, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "860 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://401trg.pw/burning-umbrella/" ], "related": { "alienvault": { "adversary": [ "APT41" ], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "5aec1ab38170f445dbd22f2b", "name": "An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers", "description": "We assess with high confidence that the Winnti umbrella is associated with the Chinese state intelligence apparatus, with at least some elements located in the Xicheng District of Beijing.\n\nA number of Chinese state intelligence operations from 2009 to 2018 that were previously unconnected publicly are in fact linked to the Winnti umbrella.\n\nWe assess with high confidence that multiple publicly reported threat actors operate with some shared goals and resources as part of the Chinese state intelligence apparatus. Report from Tom Hegel of 401TRG.\n\nInitial attack targets are commonly software and gaming organizations in United States, Japan, South Korea, and China. Later stage high profile targets tend to be politically motivated or high value technology organizations.", "modified": "2019-11-25T15:17:27.952000", "created": "2018-05-04T08:32:51.904000", "tags": [ "china", "APT41" ], "references": [ "https://401trg.pw/burning-umbrella/" ], "public": 1, "adversary": "APT41", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 159, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 3, "FileHash-SHA256": 3, "domain": 49, "hostname": 203, "FileHash-MD5": 236, "FileHash-SHA1": 22 }, "indicator_count": 516, "is_author": false, "is_subscribing": null, "subscriber_count": 376826, "modified_text": "2332 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707ae885e2a9a917487146", "name": "An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers", "description": "", "modified": "2023-12-06T13:45:12.043000", "created": "2023-12-06T13:45:12.043000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3, "FileHash-SHA256": 3, "domain": 49, "hostname": 203, "FileHash-MD5": 236, "FileHash-SHA1": 22 }, "indicator_count": 516, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "860 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "tjglmy.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "tjglmy.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776233235.8146913 }