{ "type": "Domain", "indicator": "webmailssl.it", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/webmailssl.it", "alexa": "http://www.alexa.com/siteinfo/webmailssl.it", "indicator": "webmailssl.it", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4071511122, "indicator": "webmailssl.it", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "68375d67e362319a3f668c74", "name": "Aruba", "description": "", "modified": "2025-12-04T01:09:41.256000", "created": "2025-05-28T19:00:55.731000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 85, "FileHash-MD5": 48, "FileHash-SHA1": 48, "FileHash-SHA256": 201, "domain": 13, "hostname": 16 }, "indicator_count": 411, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "178 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684d37e781f08038da25951b", "name": "spamita", "description": "", "modified": "2025-12-04T01:09:29.428000", "created": "2025-06-14T08:50:47.064000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Italy" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 51, "FileHash-MD5": 8, "FileHash-SHA1": 10, "FileHash-SHA256": 150, "domain": 27, "email": 1, "hostname": 36 }, "indicator_count": 283, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "178 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683833653719c041d3a9478d", "name": "AsyncRAT Campaign in Italy: Steganographic Components Used for Distribution.", "description": "The Italian CERT-AGID has uncovered a new AsyncRAT campaign targeting users in Italy, leveraging steganographic techniques to conceal malicious payloads. This report details the attack methodology, including how threat actors embed malware within seemingly benign files to evade detection.", "modified": "2025-05-29T10:13:57.109000", "created": "2025-05-29T10:13:57.109000", "tags": [ "asyncrat", "download ioc", "italia", "arabian", "javascript", "aruba drive", "remcos", "formbook", "avemaria", "masslogger", "stata", "telegram", "actfildl1", "publicuid", "quotation" ], "references": [ "https://cert-agid.gov.it/news/asyncrat-distribuito-in-italia-tramite-componenti-steganografici/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AsyncRAT", "display_name": "AsyncRAT", "target": null } ], "attack_ids": [ { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1564.003", "name": "Hidden Window", "display_name": "T1564.003 - Hidden Window" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "URL": 16, "domain": 2, "hostname": 5 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "367 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://cert-agid.gov.it/news/asyncrat-distribuito-in-italia-tramite-componenti-steganografici/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Asyncrat" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "68375d67e362319a3f668c74", "name": "Aruba", "description": "", "modified": "2025-12-04T01:09:41.256000", "created": "2025-05-28T19:00:55.731000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 85, "FileHash-MD5": 48, "FileHash-SHA1": 48, "FileHash-SHA256": 201, "domain": 13, "hostname": 16 }, "indicator_count": 411, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "178 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684d37e781f08038da25951b", "name": "spamita", "description": "", "modified": "2025-12-04T01:09:29.428000", "created": "2025-06-14T08:50:47.064000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Italy" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 51, "FileHash-MD5": 8, "FileHash-SHA1": 10, "FileHash-SHA256": 150, "domain": 27, "email": 1, "hostname": 36 }, "indicator_count": 283, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "178 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683833653719c041d3a9478d", "name": "AsyncRAT Campaign in Italy: Steganographic Components Used for Distribution.", "description": "The Italian CERT-AGID has uncovered a new AsyncRAT campaign targeting users in Italy, leveraging steganographic techniques to conceal malicious payloads. This report details the attack methodology, including how threat actors embed malware within seemingly benign files to evade detection.", "modified": "2025-05-29T10:13:57.109000", "created": "2025-05-29T10:13:57.109000", "tags": [ "asyncrat", "download ioc", "italia", "arabian", "javascript", "aruba drive", "remcos", "formbook", "avemaria", "masslogger", "stata", "telegram", "actfildl1", "publicuid", "quotation" ], "references": [ "https://cert-agid.gov.it/news/asyncrat-distribuito-in-italia-tramite-componenti-steganografici/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AsyncRAT", "display_name": "AsyncRAT", "target": null } ], "attack_ids": [ { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1564.003", "name": "Hidden Window", "display_name": "T1564.003 - Hidden Window" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "URL": 16, "domain": 2, "hostname": 5 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "367 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "webmailssl.it", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "webmailssl.it", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780267602.68472 }