{ "type": "MD5", "indicator": "0d9be54a980f2df875d70f5f3e7bc03f", "general": { "sections": [ "general", "analysis" ], "type": "md5", "type_title": "FileHash-MD5", "indicator": "0d9be54a980f2df875d70f5f3e7bc03f", "validation": [], "base_indicator": { "id": 1587414247, "indicator": "0d9be54a980f2df875d70f5f3e7bc03f", "type": "FileHash-MD5", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "55db51554637f21c54c19363", "name": "New activity of the Blue Termite APT", "description": "In October 2014, Kaspersky Lab started to research \u201cBlue Termite\u201d, an Advanced Persistent Threat (APT) targeting Japan. The oldest sample we\u2019ve seen up to now is from November 2013. This is not the first time the country has been a victim of an APT. However, the attack is different in two respects: unlike other APTs, the main focus of Blue Termite is to attack Japanese organizations; and most of their C2s are located in Japan. One of the top targets is the Japan Pension Service, but the list of targeted industries includes government and government agencies, local governments, public interest groups, universities, banks, financial services, energy, communication, heavy industry, chemical, automotive, electrical, news media, information services sector, health care, real estate, food, semiconductor, robotics, construction, insurance, transportation and so on. Unfortunately, the attack is still active and the number of victims has been increasing.", "modified": "2018-11-27T11:36:20.713000", "created": "2015-08-24T17:16:05.053000", "tags": [ "blue termite", "japan", "apt", "flash", "emdivi", "kaspersky" ], "references": [ "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/", "https://www.macnica.net/file/security_report_20160613.pdf" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 49, "upvotes_count": 4.0, "downvotes_count": 0.0, "votes_count": 4.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 64, "FileHash-MD5": 199, "CVE": 2, "YARA": 5, "FileHash-SHA256": 11, "hostname": 25, "domain": 12 }, "indicator_count": 318, "is_author": false, "is_subscribing": null, "subscriber_count": 386608, "modified_text": "2742 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "63456c2a30b92337ea1670e0", "name": "IOC Records Provided by @NextRayAI", "description": "This IOC report provided and daily updated by NextRay AI Detection & Response Inc.", "modified": "2026-05-31T01:02:14", "created": "2022-10-11T13:14:18.676000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 1330, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NextRay-AI", "id": "210822", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 498917, "IPv4": 64343, "IPv6": 459, "hostname": 59385, "URL": 166783, "CIDR": 5266, "FileHash-MD5": 29699, "FileHash-SHA256": 50449, "CVE": 348, "email": 914, "Mutex": 49, "FileHash-SHA1": 3453, "FilePath": 34 }, "indicator_count": 880099, "is_author": false, "is_subscribing": null, "subscriber_count": 300, "modified_text": "22 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "65b547b7c93850be1704f114", "name": "my-dfgroup", "description": "", "modified": "2024-01-27T18:13:11.492000", "created": "2024-01-27T18:13:11.492000", "tags": [ "blue termite", "japan", "apt", "flash", "emdivi", "kaspersky" ], "references": [ "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/", "https://www.macnica.net/file/security_report_20160613.pdf" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "55db51554637f21c54c19363", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "christopherbrou", "id": "265508", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 64, "FileHash-MD5": 199, "CVE": 2, "YARA": 5, "FileHash-SHA256": 11, "hostname": 25, "domain": 12 }, "indicator_count": 318, "is_author": false, "is_subscribing": null, "subscriber_count": 0, "modified_text": "855 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "references": [ "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/", "https://www.macnica.net/file/security_report_20160613.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Industrial", "Defense", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "55db51554637f21c54c19363", "name": "New activity of the Blue Termite APT", "description": "In October 2014, Kaspersky Lab started to research \u201cBlue Termite\u201d, an Advanced Persistent Threat (APT) targeting Japan. The oldest sample we\u2019ve seen up to now is from November 2013. This is not the first time the country has been a victim of an APT. However, the attack is different in two respects: unlike other APTs, the main focus of Blue Termite is to attack Japanese organizations; and most of their C2s are located in Japan. One of the top targets is the Japan Pension Service, but the list of targeted industries includes government and government agencies, local governments, public interest groups, universities, banks, financial services, energy, communication, heavy industry, chemical, automotive, electrical, news media, information services sector, health care, real estate, food, semiconductor, robotics, construction, insurance, transportation and so on. Unfortunately, the attack is still active and the number of victims has been increasing.", "modified": "2018-11-27T11:36:20.713000", "created": "2015-08-24T17:16:05.053000", "tags": [ "blue termite", "japan", "apt", "flash", "emdivi", "kaspersky" ], "references": [ "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/", "https://www.macnica.net/file/security_report_20160613.pdf" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 49, "upvotes_count": 4.0, "downvotes_count": 0.0, "votes_count": 4.0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 64, "FileHash-MD5": 199, "CVE": 2, "YARA": 5, "FileHash-SHA256": 11, "hostname": 25, "domain": 12 }, "indicator_count": 318, "is_author": false, "is_subscribing": null, "subscriber_count": 386608, "modified_text": "2742 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "63456c2a30b92337ea1670e0", "name": "IOC Records Provided by @NextRayAI", "description": "This IOC report provided and daily updated by NextRay AI Detection & Response Inc.", "modified": "2026-05-31T01:02:14", "created": "2022-10-11T13:14:18.676000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 1330, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NextRay-AI", "id": "210822", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 498917, "IPv4": 64343, "IPv6": 459, "hostname": 59385, "URL": 166783, "CIDR": 5266, "FileHash-MD5": 29699, "FileHash-SHA256": 50449, "CVE": 348, "email": 914, "Mutex": 49, "FileHash-SHA1": 3453, "FilePath": 34 }, "indicator_count": 880099, "is_author": false, "is_subscribing": null, "subscriber_count": 300, "modified_text": "22 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "65b547b7c93850be1704f114", "name": "my-dfgroup", "description": "", "modified": "2024-01-27T18:13:11.492000", "created": "2024-01-27T18:13:11.492000", "tags": [ "blue termite", "japan", "apt", "flash", "emdivi", "kaspersky" ], "references": [ "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/", "https://www.macnica.net/file/security_report_20160613.pdf" ], "public": 1, "adversary": null, "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "55db51554637f21c54c19363", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "christopherbrou", "id": "265508", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 64, "FileHash-MD5": 199, "CVE": 2, "YARA": 5, "FileHash-SHA256": 11, "hostname": 25, "domain": 12 }, "indicator_count": 318, "is_author": false, "is_subscribing": null, "subscriber_count": 0, "modified_text": "855 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "0d9be54a980f2df875d70f5f3e7bc03f", "type": "Hash" }, "abuseipdb": null, "urlhaus": { "indicator": "0d9be54a980f2df875d70f5f3e7bc03f", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780269875.8461642 }