{ "type": "Domain", "indicator": "toshioco.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/toshioco.com", "alexa": "http://www.alexa.com/siteinfo/toshioco.com", "indicator": "toshioco.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 1917242783, "indicator": "toshioco.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5cb4b6a2d0c46e38f066376a", "name": "New HawkEye Reborn Variant Emerges Following Ownership Change", "description": "Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers, and remote access trojans (RATs) has magnified this threat by reducing the barrier to entry for attackers. In many cases, the adversaries leveraging these tools do not need to possess programming skills or in-depth computer science expertise, as they are now being provided as commercial offerings across the cybercriminal underground. Talos has previously released in-depth analyses of these types of threats and how malicious attackers are leveraging them to attack organizations with the Remcos in August and Agent Tesla in October.", "modified": "2019-04-15T17:04:02.061000", "created": "2019-04-15T16:51:46.172000", "tags": [ "HawkEye", "Spyware" ], "references": [ "https://blog.talosintelligence.com/2019/04/hawkeye-reborn.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 51, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 326, "URL": 2, "hostname": 2, "domain": 11 }, "indicator_count": 341, "is_author": false, "is_subscribing": null, "subscriber_count": 387014, "modified_text": "2605 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://blog.talosintelligence.com/2019/04/hawkeye-reborn.html" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5cb4b6a2d0c46e38f066376a", "name": "New HawkEye Reborn Variant Emerges Following Ownership Change", "description": "Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers, and remote access trojans (RATs) has magnified this threat by reducing the barrier to entry for attackers. In many cases, the adversaries leveraging these tools do not need to possess programming skills or in-depth computer science expertise, as they are now being provided as commercial offerings across the cybercriminal underground. Talos has previously released in-depth analyses of these types of threats and how malicious attackers are leveraging them to attack organizations with the Remcos in August and Agent Tesla in October.", "modified": "2019-04-15T17:04:02.061000", "created": "2019-04-15T16:51:46.172000", "tags": [ "HawkEye", "Spyware" ], "references": [ "https://blog.talosintelligence.com/2019/04/hawkeye-reborn.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 51, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 326, "URL": 2, "hostname": 2, "domain": 11 }, "indicator_count": 341, "is_author": false, "is_subscribing": null, "subscriber_count": 387014, "modified_text": "2605 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "toshioco.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "toshioco.com", "found": true, "verdict": "malicious", "url_count": 26, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "http://toshioco.com/doc/WIZ.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe" ] }, { "url": "http://toshioco.com/doc/Document.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] }, { "url": "http://toshioco.com/doc/phyno.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] }, { "url": "http://toshioco.com/doc/CHALLA.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] }, { "url": "http://toshioco.com/doc/FATHER.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] }, { "url": "http://toshioco.com/doc/Moreyandex.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] }, { "url": "http://toshioco.com/doc/BLESSINGS.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] }, { "url": "http://toshioco.com/doc/krossyandex.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] }, { "url": "http://toshioco.com/doc/bobbyshit.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] }, { "url": "http://toshioco.com/doc/OKILOBABA.exe", "status": "offline", "threat": "malware_download", "date_added": "2018-10-09", "tags": [ "exe", "HawkEye" ] } ], "error": null }, "from_cache": true, "_cached_at": 1780441089.74067 }