{ "type": "Domain", "indicator": "vmud.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/vmud.net", "alexa": "http://www.alexa.com/siteinfo/vmud.net", "indicator": "vmud.net", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4043575463, "indicator": "vmud.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "68434df5a7a61c7583cdec3f", "name": "Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes", "description": "HUMAN's Satori team uncovered and partially disrupted BADBOX 2.0, a complex fraud operation targeting over 1 million low-cost consumer devices worldwide. The scheme involves a backdoor pre-installed on devices or distributed through unofficial app marketplaces, allowing threat actors to conduct various fraudulent activities. These include selling residential proxy services, ad fraud through hidden ads and WebViews, and click fraud. Four main threat actor groups were identified: SalesTracker, MoYu, Lemon, and LongTV. The operation affects Android Open Source Project devices in 222 countries, with Brazil being the most impacted. Disruption efforts involved collaboration with Google and other partners to mitigate the threat's impact.", "modified": "2025-06-06T20:24:01.215000", "created": "2025-06-06T20:22:13.238000", "tags": [ "consumer devices", "iot", "badbox", "vo1d", "ad fraud", "botnet", "residential proxy", "android", "ctv", "bb2door" ], "references": [ "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0", "https://www.humansecurity.com/wp-content/uploads/2025/03/BADBOX-2-H5-Domain-List.csv" ], "public": 1, "adversary": "", "targeted_countries": [ "Brazil", "United States of America", "Mexico", "Argentina", "Colombia" ], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [ "Technology", "Telecommunications", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 800, "hostname": 169 }, "indicator_count": 969, "is_author": false, "is_subscribing": null, "subscriber_count": 386592, "modified_text": "359 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c99587958ded87f3a219f3", "name": "BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes", "description": "HUMAN's Satori Threat Intelligence team uncovered and partially disrupted BADBOX 2.0, a complex fraud operation targeting low-cost consumer devices. This operation, an expansion of the 2023 BADBOX scheme, infected over 1 million Android Open Source Project devices worldwide with a backdoor called BB2DOOR. The infection enabled various fraud schemes, including residential proxy services, ad fraud, and click fraud. Four threat actor groups were identified: SalesTracker Group, MoYu Group, Lemon Group, and LongTV. The operation targeted devices in 222 countries, with Brazil being the most affected. HUMAN collaborated with Google and other partners to disrupt the infrastructure and protect customers from the threat.", "modified": "2025-03-06T15:14:33.559000", "created": "2025-03-06T12:31:03.912000", "tags": [ "vo1d", "ctv", "bb2door", "botnet", "backdoor", "iot", "residential proxy", "ad fraud", "click fraud", "badbox 2.0", "badbox" ], "references": [ "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/" ], "public": 1, "adversary": "BADBOX 2.0", "targeted_countries": [], "malware_families": [ { "id": "BADBOX", "display_name": "BADBOX", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 48, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 59 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 386592, "modified_text": "451 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6842ca684b5413baf27aa136", "name": "Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes - HUMAN Security", "description": "Learn more about HUMAN, the artificial intelligence company designed to prevent bot attacks and fraud on ad tech platforms and digital publishers, from exploiting customers' valuable online accounts and other online services, and from partners.", "modified": "2025-06-06T11:00:56.776000", "created": "2025-06-06T11:00:56.776000", "tags": [], "references": [ "https://humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/" ], "public": 1, "adversary": "Lemon", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 110, "hostname": 1 }, "indicator_count": 111, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "359 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ca9b25d3c18153af18075d", "name": "IOC&TTP - Satori Threat Intelligence Disruption BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes", "description": "HUMAN Satori \u5a01\u80c1\u60c5\u62a5\u56e2\u961f\u6700\u8fd1\u53d1\u73b0\u5e76\u90e8\u5206\u7834\u574f\u4e86\u4e00\u4e2a\u540d\u4e3a BADBOX 2.0 \u7684\u5927\u89c4\u6a21\u7f51\u7edc\u6b3a\u8bc8\u884c\u52a8\u3002\u8be5\u884c\u52a8\u662f 2023 \u5e74 BADBOX \u64cd\u4f5c\u7684\u5347\u7ea7\u7248\uff0c\u88ab\u8ba4\u4e3a\u662f \u8fc4\u4eca\u53d1\u73b0\u7684\u6700\u5927\u8054\u7f51\u7535\u89c6\uff08CTV\uff09\u50f5\u5c38\u7f51\u7edc\uff0c\u6d89\u53ca \u8d85\u8fc7 100 \u4e07\u53f0\u6d88\u8d39\u7535\u5b50\u8bbe\u5907\u3002BADBOX 2.0 \u901a\u8fc7\u5728\u4f4e\u6210\u672c Android \u5f00\u6e90\u9879\u76ee\uff08AOSP\uff09\u8bbe\u5907\u4e0a\u690d\u5165\u540e\u95e8\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u8fdc\u7a0b\u90e8\u7f72\u6b3a\u8bc8\u6a21\u5757\uff0c\u7528\u4e8e \u5e7f\u544a\u6b3a\u8bc8\u3001\u70b9\u51fb\u6b3a\u8bc8\u3001DDoS \u653b\u51fb\u3001\u6076\u610f\u8f6f\u4ef6\u5206\u53d1\uff0c\u751a\u81f3\u5c06\u8bbe\u5907\u4f5c\u4e3a\u4f4f\u5b85\u4ee3\u7406\uff08Residential Proxy\uff09\u670d\u52a1\u7684\u4e00\u90e8\u5206\u3002", "modified": "2025-03-10T02:49:15.961000", "created": "2025-03-07T07:07:17.807000", "tags": [ "vo1d", "ctv", "bb2door", "botnet", "backdoor", "iot", "residential proxy", "ad fraud", "click fraud", "badbox 2.0", "badbox" ], "references": [ "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/" ], "public": 1, "adversary": "BADBOX 2.0", "targeted_countries": [], "malware_families": [ { "id": "BADBOX", "display_name": "BADBOX", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [], "TLP": "white", "cloned_from": "67c99587958ded87f3a219f3", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 59 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "447 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/", "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/", "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0", "https://www.humansecurity.com/wp-content/uploads/2025/03/BADBOX-2-H5-Domain-List.csv" ], "related": { "alienvault": { "adversary": [ "BADBOX 2.0" ], "malware_families": [ "Badbox" ], "industries": [ "Media", "Telecommunications", "Technology" ] }, "other": { "adversary": [ "BADBOX 2.0", "Lemon" ], "malware_families": [ "Badbox" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "68434df5a7a61c7583cdec3f", "name": "Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes", "description": "HUMAN's Satori team uncovered and partially disrupted BADBOX 2.0, a complex fraud operation targeting over 1 million low-cost consumer devices worldwide. The scheme involves a backdoor pre-installed on devices or distributed through unofficial app marketplaces, allowing threat actors to conduct various fraudulent activities. These include selling residential proxy services, ad fraud through hidden ads and WebViews, and click fraud. Four main threat actor groups were identified: SalesTracker, MoYu, Lemon, and LongTV. The operation affects Android Open Source Project devices in 222 countries, with Brazil being the most impacted. Disruption efforts involved collaboration with Google and other partners to mitigate the threat's impact.", "modified": "2025-06-06T20:24:01.215000", "created": "2025-06-06T20:22:13.238000", "tags": [ "consumer devices", "iot", "badbox", "vo1d", "ad fraud", "botnet", "residential proxy", "android", "ctv", "bb2door" ], "references": [ "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0", "https://www.humansecurity.com/wp-content/uploads/2025/03/BADBOX-2-H5-Domain-List.csv" ], "public": 1, "adversary": "", "targeted_countries": [ "Brazil", "United States of America", "Mexico", "Argentina", "Colombia" ], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [ "Technology", "Telecommunications", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 800, "hostname": 169 }, "indicator_count": 969, "is_author": false, "is_subscribing": null, "subscriber_count": 386592, "modified_text": "359 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c99587958ded87f3a219f3", "name": "BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes", "description": "HUMAN's Satori Threat Intelligence team uncovered and partially disrupted BADBOX 2.0, a complex fraud operation targeting low-cost consumer devices. This operation, an expansion of the 2023 BADBOX scheme, infected over 1 million Android Open Source Project devices worldwide with a backdoor called BB2DOOR. The infection enabled various fraud schemes, including residential proxy services, ad fraud, and click fraud. Four threat actor groups were identified: SalesTracker Group, MoYu Group, Lemon Group, and LongTV. The operation targeted devices in 222 countries, with Brazil being the most affected. HUMAN collaborated with Google and other partners to disrupt the infrastructure and protect customers from the threat.", "modified": "2025-03-06T15:14:33.559000", "created": "2025-03-06T12:31:03.912000", "tags": [ "vo1d", "ctv", "bb2door", "botnet", "backdoor", "iot", "residential proxy", "ad fraud", "click fraud", "badbox 2.0", "badbox" ], "references": [ "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/" ], "public": 1, "adversary": "BADBOX 2.0", "targeted_countries": [], "malware_families": [ { "id": "BADBOX", "display_name": "BADBOX", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 48, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 59 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 386592, "modified_text": "451 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6842ca684b5413baf27aa136", "name": "Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes - HUMAN Security", "description": "Learn more about HUMAN, the artificial intelligence company designed to prevent bot attacks and fraud on ad tech platforms and digital publishers, from exploiting customers' valuable online accounts and other online services, and from partners.", "modified": "2025-06-06T11:00:56.776000", "created": "2025-06-06T11:00:56.776000", "tags": [], "references": [ "https://humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/" ], "public": 1, "adversary": "Lemon", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 110, "hostname": 1 }, "indicator_count": 111, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "359 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ca9b25d3c18153af18075d", "name": "IOC&TTP - Satori Threat Intelligence Disruption BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes", "description": "HUMAN Satori \u5a01\u80c1\u60c5\u62a5\u56e2\u961f\u6700\u8fd1\u53d1\u73b0\u5e76\u90e8\u5206\u7834\u574f\u4e86\u4e00\u4e2a\u540d\u4e3a BADBOX 2.0 \u7684\u5927\u89c4\u6a21\u7f51\u7edc\u6b3a\u8bc8\u884c\u52a8\u3002\u8be5\u884c\u52a8\u662f 2023 \u5e74 BADBOX \u64cd\u4f5c\u7684\u5347\u7ea7\u7248\uff0c\u88ab\u8ba4\u4e3a\u662f \u8fc4\u4eca\u53d1\u73b0\u7684\u6700\u5927\u8054\u7f51\u7535\u89c6\uff08CTV\uff09\u50f5\u5c38\u7f51\u7edc\uff0c\u6d89\u53ca \u8d85\u8fc7 100 \u4e07\u53f0\u6d88\u8d39\u7535\u5b50\u8bbe\u5907\u3002BADBOX 2.0 \u901a\u8fc7\u5728\u4f4e\u6210\u672c Android \u5f00\u6e90\u9879\u76ee\uff08AOSP\uff09\u8bbe\u5907\u4e0a\u690d\u5165\u540e\u95e8\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u8fdc\u7a0b\u90e8\u7f72\u6b3a\u8bc8\u6a21\u5757\uff0c\u7528\u4e8e \u5e7f\u544a\u6b3a\u8bc8\u3001\u70b9\u51fb\u6b3a\u8bc8\u3001DDoS \u653b\u51fb\u3001\u6076\u610f\u8f6f\u4ef6\u5206\u53d1\uff0c\u751a\u81f3\u5c06\u8bbe\u5907\u4f5c\u4e3a\u4f4f\u5b85\u4ee3\u7406\uff08Residential Proxy\uff09\u670d\u52a1\u7684\u4e00\u90e8\u5206\u3002", "modified": "2025-03-10T02:49:15.961000", "created": "2025-03-07T07:07:17.807000", "tags": [ "vo1d", "ctv", "bb2door", "botnet", "backdoor", "iot", "residential proxy", "ad fraud", "click fraud", "badbox 2.0", "badbox" ], "references": [ "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/" ], "public": 1, "adversary": "BADBOX 2.0", "targeted_countries": [], "malware_families": [ { "id": "BADBOX", "display_name": "BADBOX", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1059.004", "name": "Unix Shell", "display_name": "T1059.004 - Unix Shell" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" } ], "industries": [], "TLP": "white", "cloned_from": "67c99587958ded87f3a219f3", "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 59 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "447 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "vmud.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "vmud.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780274256.451698 }