{ "type": "Domain", "indicator": "wireles-communication.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/wireles-communication.com", "alexa": "http://www.alexa.com/siteinfo/wireles-communication.com", "indicator": "wireles-communication.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2300042792, "indicator": "wireles-communication.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "64f6d5bc3226451dfc4ea8eb", "name": "Leveraging 16shop Phishing Kit for Vast Exploitation", "description": "Trend Vision One provides a comprehensive guide to the best ways to protect your business from cyber-attacks, threats and other threats in the modern world, as well as the latest 5G network and cloud-native apps.", "modified": "2023-10-05T07:05:26.542000", "created": "2023-09-05T07:16:12.327000", "tags": [ "phishing", "malware", "endpoints", "cyber crime", "articles", "news", "reports", "cyber threats", "learn", "apple", "trend micro", "indonesia", "interpol", "cash app", "japan", "cloud security", "alliance", "paypal", "hybrid", "stop", "leverage", "protect", "small", "attack", "august", "agenttesla", "service", "april", "phoenix", "cyber", "crime", "tech", "find", "email", "business email", "compromise", "research", "spam", "ave maria", "negasteal", "security", "response", "understand", "warzone", "autoit", "malspam", "agent tesla", "trojan", "powershell", "frenchy", "trojanspy" ], "references": [ "https://www.trendmicro.com/en_us/research/23/i/revisiting-16shop-phishing-kit-trend-interpol-partnership.html", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/j/analyzing-email-services-abused-for-business-email-compromise/IOCs-analyzing-email-services-abused-for-BEC.txt", "https://www.trendmicro.com/en_us/research/19/j/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam.html" ], "public": 1, "adversary": "", "targeted_countries": [ "Germany", "Japan", "China", "France", "Spain", "Malaysia", "Thailand", "Netherlands" ], "malware_families": [ { "id": "Frenchy", "display_name": "Frenchy", "target": null }, { "id": "Agent Tesla", "display_name": "Agent Tesla", "target": null }, { "id": "Negasteal", "display_name": "Negasteal", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Ave Maria", "display_name": "Ave Maria", "target": null } ], "attack_ids": [ { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [ "Financial" ], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 28, "hostname": 1, "FileHash-SHA1": 2 }, "indicator_count": 31, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "970 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/j/analyzing-email-services-abused-for-business-email-compromise/IOCs-analyzing-email-services-abused-for-BEC.txt", "https://www.trendmicro.com/en_us/research/23/i/revisiting-16shop-phishing-kit-trend-interpol-partnership.html", "https://www.trendmicro.com/en_us/research/19/j/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam.html" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Frenchy", "Ave maria", "Agent tesla", "Trojanspy", "Negasteal" ], "industries": [ "Financial" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "64f6d5bc3226451dfc4ea8eb", "name": "Leveraging 16shop Phishing Kit for Vast Exploitation", "description": "Trend Vision One provides a comprehensive guide to the best ways to protect your business from cyber-attacks, threats and other threats in the modern world, as well as the latest 5G network and cloud-native apps.", "modified": "2023-10-05T07:05:26.542000", "created": "2023-09-05T07:16:12.327000", "tags": [ "phishing", "malware", "endpoints", "cyber crime", "articles", "news", "reports", "cyber threats", "learn", "apple", "trend micro", "indonesia", "interpol", "cash app", "japan", "cloud security", "alliance", "paypal", "hybrid", "stop", "leverage", "protect", "small", "attack", "august", "agenttesla", "service", "april", "phoenix", "cyber", "crime", "tech", "find", "email", "business email", "compromise", "research", "spam", "ave maria", "negasteal", "security", "response", "understand", "warzone", "autoit", "malspam", "agent tesla", "trojan", "powershell", "frenchy", "trojanspy" ], "references": [ "https://www.trendmicro.com/en_us/research/23/i/revisiting-16shop-phishing-kit-trend-interpol-partnership.html", "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/j/analyzing-email-services-abused-for-business-email-compromise/IOCs-analyzing-email-services-abused-for-BEC.txt", "https://www.trendmicro.com/en_us/research/19/j/autoit-compiled-negasteal-agent-tesla-ave-maria-delivered-via-malspam.html" ], "public": 1, "adversary": "", "targeted_countries": [ "Germany", "Japan", "China", "France", "Spain", "Malaysia", "Thailand", "Netherlands" ], "malware_families": [ { "id": "Frenchy", "display_name": "Frenchy", "target": null }, { "id": "Agent Tesla", "display_name": "Agent Tesla", "target": null }, { "id": "Negasteal", "display_name": "Negasteal", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Ave Maria", "display_name": "Ave Maria", "target": null } ], "attack_ids": [ { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [ "Financial" ], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 28, "hostname": 1, "FileHash-SHA1": 2 }, "indicator_count": 31, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "970 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "wireles-communication.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "wireles-communication.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780359075.7350914 }