{ "type": "bundle", "id": "bundle--1ecc42d0-03dc-4ed6-967b-b2e695983a96", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--018ab958-b94d-441e-991f-a101a5144848", "created": "2023-03-08T12:51:42.869471Z", "modified": "2024-11-07T23:01:18.079469Z", "name": "SentinelOne", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--af23e459-430c-4a0c-a427-8ed51ad668de", "value": "bit-albania.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--ae3b7c06-867f-4f25-9c35-5cfa5f4d6230", "value": "namsouth.com" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--c5e8eaa4-5779-47eb-8a3c-e39f8b1008ff", "created": "2026-06-24T23:56:23.122924Z", "modified": "2026-06-24T23:56:23.122924Z", "name": "YARA Rule", "pattern": "rule apt_nk_kimsuky_phishing_script { condition: vt.net.url.new_url and vt.net.url.downloaded_file.sha256 == \"256fa5009e8e82258876325b7d36f41cc3e74e85627663206b042eec8736ce6a\" }", "pattern_type": "yara", "valid_from": "2023-08-01T00:00:00Z" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d2fd030f-629b-4548-a2d2-36c67d16c182", "created": "2026-06-24T23:56:23.123604Z", "modified": "2026-06-24T23:56:23.123604Z", "name": "YARA Rule", "pattern": "rule usps_phisher_tracker { condition: for any tracker in vt.net.url.trackers: ( tracker.id == \"93030690\") }", "pattern_type": "yara", "valid_from": "2023-08-01T00:00:00Z" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0faf93de-99a1-4afa-8b38-847e7d190344", "created": "2026-06-24T23:56:23.124215Z", "modified": "2026-06-24T23:56:23.124215Z", "name": "YARA Rule", "pattern": "rule aws_monitor_2 { condition: vt.net.domain.new_domain and (vt.net.url.favicon.dhash == \"4026d4f494f8738c\" //AWS Name Icon or vt.net.url.favicon.dhash == \"c8e3b88aaa88cbf8\" //AWS Docs Icon ) }", "pattern_type": "yara", "valid_from": "2023-08-01T00:00:00Z" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--7776634e-e7e6-44df-a6ae-0e29130087bc", "created": "2026-06-24T23:56:23.124872Z", "modified": "2026-06-24T23:56:23.124872Z", "name": "YARA Rule", "pattern": "rule aws_monitor { condition: vt.net.domain.new_domain and (vt.net.url.favicon.dhash == \"4026d4f494f8738c\" //AWS Name Icon or vt.net.url.favicon.dhash == \"c8e3b88aaa88cbf8\" //AWS Docs Icon or for any link in vt.net.url.outgoing_links: ( link matches /signin.aws.amazon\\.com.*/ ) or vt.net.domain.raw matches /aws/) }", "pattern_type": "yara", "valid_from": "2023-08-01T00:00:00Z" }, { "type": "file", "spec_version": "2.1", "id": "file--3bb9d6af-fedd-4da2-a88b-121a50b221ea", "hashes": { "SHA-256": "256fa5009e8e82258876325b7d36f41cc3e74e85627663206b042eec8736ce6a" } }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--82852d59-5be1-4afd-85e2-9f8d71f98a98", "value": "reasope.org" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--a035ffa2-4f90-47dd-90a3-7fa4381614d5", "value": "usps-onlines.biz" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--096e911d-1c99-4b25-b43b-67c1571222e7", "value": "hankevin.cafe24.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--ff346a0d-1832-4e56-8643-7a83c544fbed", "value": "csmss.org" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--d102244a-0f49-44c4-9d1b-5732d42fd656", "value": "flash-x32-adobe-add-on.exedl.netprog.net" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--627093e7-7196-46dd-a0c7-4d78d700a948", "value": "super-trackings.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--2e68289f-e048-46cf-99fa-3ce71ca71bfb", "value": "educacionit.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--4cc03988-3048-4062-bef8-9a79519847e4", "value": "absolutemedia.net" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--23b739a7-1753-4490-9a9e-e2472247d71d", "value": "jacobsenfamilyholdings.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--a9dbc093-71e1-43b0-9200-44aa9da47c95", "value": "tracking-checks.me" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--c9400ae1-2f90-4f56-b64f-695ac6b40b49", "value": "blogtify.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--9f14ffeb-f3b8-475a-8e0f-f59c61140873", "value": "vt.net" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--86cb353a-9284-40ca-8a0b-b8fe9b431f28", "value": "aprendizajevirtual.une.net.co" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--96545835-b726-4520-9108-a2df8bca4804", "value": "voesami.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--35e62bb9-39c5-4bd7-8993-efec46fed000", "value": "stmwa.de" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--7633e7af-068a-4805-bb03-f25a9b863a65", "value": "hetclick.biz" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--12addbbf-8d54-4941-ac78-dc8e05916d84", "value": "renaissancenft.io" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--77d68ea4-73ac-49cc-ab8d-e17217dd10ad", "value": "kevinspie.co.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--39904516-a0ef-4748-843c-df7d3b4967e8", "value": "diy-trackng.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--69c39ea6-ea04-4182-8689-8cca5e1adfe5", "value": "uspps-onlynee.biz" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--975c4102-c127-4f4a-bad0-00769573237b", "value": "goodstracks.me" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5b59f394-f210-4f20-becc-6ea989da5e40", "value": "usps.tracking-check.me" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--61597093-ea9a-44d6-ba85-f3f54eaf1cad", "value": "chromatogramma.ru" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--32d8146b-67b0-4ba1-8666-c64a4efa167f", "value": "174.138.30.233" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--cb77eac3-34a2-40d5-8cbc-93c9dec53618", "value": "217.219.131.139" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--45e4ce23-a5ae-4e2c-84da-8b31c0da51e5", "value": "108.179.214.134" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--aecb7155-8b2d-4d36-898b-8d01f3988f20", "value": "167.172.113.157" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--b72c92f0-b1fd-4339-a853-fb498113af9f", "value": "okbus.or.kr" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1", "created": "2026-06-24T23:56:23.138532Z", "modified": "2026-06-24T23:56:23.138532Z", "name": "Kimsuky" }, { "type": "report", "spec_version": "2.1", "id": "report--649eb12f-816e-402b-bcfc-df5df88b3d16", "created_by_ref": "identity--018ab958-b94d-441e-991f-a101a5144848", "created": "2026-06-24T23:56:23.139573Z", "modified": "2026-06-24T23:56:23.139573Z", "name": "Illicit Brand Impersonation | A Threat Hunting Approach", "published": "2023-08-01T00:00:00Z", "object_refs": [ "identity--018ab958-b94d-441e-991f-a101a5144848", "domain-name--af23e459-430c-4a0c-a427-8ed51ad668de", "domain-name--ae3b7c06-867f-4f25-9c35-5cfa5f4d6230", "indicator--c5e8eaa4-5779-47eb-8a3c-e39f8b1008ff", "indicator--d2fd030f-629b-4548-a2d2-36c67d16c182", "indicator--0faf93de-99a1-4afa-8b38-847e7d190344", "indicator--7776634e-e7e6-44df-a6ae-0e29130087bc", "file--3bb9d6af-fedd-4da2-a88b-121a50b221ea", "domain-name--82852d59-5be1-4afd-85e2-9f8d71f98a98", "domain-name--a035ffa2-4f90-47dd-90a3-7fa4381614d5", "domain-name--096e911d-1c99-4b25-b43b-67c1571222e7", "domain-name--ff346a0d-1832-4e56-8643-7a83c544fbed", "domain-name--d102244a-0f49-44c4-9d1b-5732d42fd656", "domain-name--627093e7-7196-46dd-a0c7-4d78d700a948", "domain-name--2e68289f-e048-46cf-99fa-3ce71ca71bfb", "domain-name--4cc03988-3048-4062-bef8-9a79519847e4", "domain-name--23b739a7-1753-4490-9a9e-e2472247d71d", "domain-name--a9dbc093-71e1-43b0-9200-44aa9da47c95", "domain-name--c9400ae1-2f90-4f56-b64f-695ac6b40b49", "domain-name--9f14ffeb-f3b8-475a-8e0f-f59c61140873", "domain-name--86cb353a-9284-40ca-8a0b-b8fe9b431f28", "domain-name--96545835-b726-4520-9108-a2df8bca4804", "domain-name--35e62bb9-39c5-4bd7-8993-efec46fed000", "domain-name--7633e7af-068a-4805-bb03-f25a9b863a65", "domain-name--12addbbf-8d54-4941-ac78-dc8e05916d84", "domain-name--77d68ea4-73ac-49cc-ab8d-e17217dd10ad", "domain-name--39904516-a0ef-4748-843c-df7d3b4967e8", "domain-name--69c39ea6-ea04-4182-8689-8cca5e1adfe5", "domain-name--975c4102-c127-4f4a-bad0-00769573237b", "domain-name--5b59f394-f210-4f20-becc-6ea989da5e40", "domain-name--61597093-ea9a-44d6-ba85-f3f54eaf1cad", "ipv4-addr--32d8146b-67b0-4ba1-8666-c64a4efa167f", "ipv4-addr--cb77eac3-34a2-40d5-8cbc-93c9dec53618", "ipv4-addr--45e4ce23-a5ae-4e2c-84da-8b31c0da51e5", "ipv4-addr--aecb7155-8b2d-4d36-898b-8d01f3988f20", "domain-name--b72c92f0-b1fd-4339-a853-fb498113af9f", "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1" ], "external_references": [ { "source_name": "source", "url": "https://www.sentinelone.com/blog/illicit-brand-impersonation-a-threat-hunting-approach/" } ] } ] }