{ "type": "Domain", "indicator": "whatzapps.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/whatzapps.net", "alexa": "http://www.alexa.com/siteinfo/whatzapps.net", "indicator": "whatzapps.net", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 885295899, "indicator": "whatzapps.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5d88e9ca5293654ab1f90e1a", "name": "xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations", "description": "Between May and June 2019, Unit 42 observed previously unknown tools used in the targeting of transportation and shipping organizations based in Kuwait.\n\nThe first known attack in this campaign targeted a Kuwait transportation and shipping company in which the actors installed a backdoor tool named Hisoka. Several custom tools were later downloaded to the system in order to carry out post-exploitation activities. All of these tools appear to have been created by the same developer. We were able to collect several variations of these tools including one dating back to July 2018.", "modified": "2019-09-23T15:50:34.406000", "created": "2019-09-23T15:50:34.406000", "tags": [ "oilrig" ], "references": [ "https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/" ], "public": 1, "adversary": "OilRig", "targeted_countries": [ "Kuwait" ], "malware_families": [], "attack_ids": [], "industries": [ "Energy" ], "TLP": "white", "cloned_from": null, "export_count": 65, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 10, "FileHash-SHA256": 1, "hostname": 15, "email": 1 }, "indicator_count": 27, "is_author": false, "is_subscribing": null, "subscriber_count": 386514, "modified_text": "2441 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/" ], "related": { "alienvault": { "adversary": [ "OilRig" ], "malware_families": [], "industries": [ "Energy" ] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5d88e9ca5293654ab1f90e1a", "name": "xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations", "description": "Between May and June 2019, Unit 42 observed previously unknown tools used in the targeting of transportation and shipping organizations based in Kuwait.\n\nThe first known attack in this campaign targeted a Kuwait transportation and shipping company in which the actors installed a backdoor tool named Hisoka. Several custom tools were later downloaded to the system in order to carry out post-exploitation activities. All of these tools appear to have been created by the same developer. We were able to collect several variations of these tools including one dating back to July 2018.", "modified": "2019-09-23T15:50:34.406000", "created": "2019-09-23T15:50:34.406000", "tags": [ "oilrig" ], "references": [ "https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/" ], "public": 1, "adversary": "OilRig", "targeted_countries": [ "Kuwait" ], "malware_families": [], "attack_ids": [], "industries": [ "Energy" ], "TLP": "white", "cloned_from": null, "export_count": 65, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 10, "FileHash-SHA256": 1, "hostname": 15, "email": 1 }, "indicator_count": 27, "is_author": false, "is_subscribing": null, "subscriber_count": 386514, "modified_text": "2441 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "whatzapps.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "whatzapps.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780204443.9672253 }