{
    "id": "1780880",
    "ioc": "meki.google.co.ws",
    "ioc_type": "domain",
    "threat_type": "botnet_cc",
    "malware": "php.wso",
    "malware_printable": "WSO",
    "malware_alias": "Webshell by Orb",
    "confidence_level": "80",
    "first_seen": "2026-04-04 07:08:58 UTC",
    "last_seen": null,
    "reporter": null,
    "reference": "https:\/\/www.rycerz.xyz\/posts\/wp-compromise-post-attack-analysis\/",
    "threatfox_link": "https:\/\/threatfox\/ioc\/1780880",
    "tags": [
        "Beacon",
        "campaign-a",
        "filesmanager",
        "google-impersonation",
        "mainhack",
        "PHP",
        "webshell",
        "WordPress"
    ]
}