{
  "type": "MD5",
  "indicator": "71812ec5e06678096394b238210f0f7c",
  "general": {
    "sections": [
      "general",
      "analysis"
    ],
    "type": "md5",
    "type_title": "FileHash-MD5",
    "indicator": "71812ec5e06678096394b238210f0f7c",
    "validation": [],
    "base_indicator": {
      "id": 4190200316,
      "indicator": "71812ec5e06678096394b238210f0f7c",
      "type": "FileHash-MD5",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 8,
      "pulses": [
        {
          "id": "69f32ac81834d5a878e8fac0",
          "name": "Energy Sector Incident Report",
          "description": "On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.",
          "modified": "2026-05-30T10:03:42.474000",
          "created": "2026-04-30T10:11:20.255000",
          "tags": [
            "energy sector",
            "cve-2024-2617",
            "rubeus",
            "dynowiper",
            "lazywiper",
            "destructive operations",
            "fortigate exploitation",
            "combined heat power",
            "impacket",
            "renewable energy",
            "poland infrastructure",
            "industrial control systems",
            "wiper attack"
          ],
          "references": [
            "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
          ],
          "public": 1,
          "adversary": "Static Tundra",
          "targeted_countries": [
            "Poland"
          ],
          "malware_families": [
            {
              "id": "DynoWiper",
              "display_name": "DynoWiper",
              "target": null
            },
            {
              "id": "LazyWiper",
              "display_name": "LazyWiper",
              "target": null
            },
            {
              "id": "Impacket",
              "display_name": "Impacket",
              "target": null
            },
            {
              "id": "Rubeus",
              "display_name": "Rubeus",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Energy",
            "Manufacturing"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 24,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 21,
            "FileHash-SHA1": 5,
            "FileHash-SHA256": 7,
            "URL": 5
          },
          "indicator_count": 38,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386443,
          "modified_text": "8 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "69f3bd5aef3274f6820fabc7",
          "name": "\"E:\\CTIA-Tools\\CTIA Module 05 Data Analysis\\Microsoft Threat Modeling Tool\\TMT7.application\"",
          "description": "",
          "modified": "2026-05-30T10:03:42.474000",
          "created": "2026-04-30T20:36:42.625000",
          "tags": [
            "energy sector",
            "cve-2024-2617",
            "rubeus",
            "dynowiper",
            "lazywiper",
            "destructive operations",
            "fortigate exploitation",
            "combined heat power",
            "impacket",
            "renewable energy",
            "poland infrastructure",
            "industrial control systems",
            "wiper attack"
          ],
          "references": [
            "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
          ],
          "public": 1,
          "adversary": "Static Tundra",
          "targeted_countries": [
            "Poland"
          ],
          "malware_families": [
            {
              "id": "DynoWiper",
              "display_name": "DynoWiper",
              "target": null
            },
            {
              "id": "LazyWiper",
              "display_name": "LazyWiper",
              "target": null
            },
            {
              "id": "Impacket",
              "display_name": "Impacket",
              "target": null
            },
            {
              "id": "Rubeus",
              "display_name": "Rubeus",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Energy",
            "Manufacturing"
          ],
          "TLP": "white",
          "cloned_from": "69f32ac81834d5a878e8fac0",
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "olivershippy",
            "id": "401750",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 21,
            "FileHash-SHA1": 5,
            "FileHash-SHA256": 7,
            "URL": 5
          },
          "indicator_count": 38,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1,
          "modified_text": "8 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "69f3bd6814568df21249e586",
          "name": "\"E:\\CTIA-Tools\\CTIA Module 05 Data Analysis\\Microsoft Threat Modeling Tool\\TMT7.application\"",
          "description": "",
          "modified": "2026-05-30T10:03:42.474000",
          "created": "2026-04-30T20:36:56.263000",
          "tags": [
            "energy sector",
            "cve-2024-2617",
            "rubeus",
            "dynowiper",
            "lazywiper",
            "destructive operations",
            "fortigate exploitation",
            "combined heat power",
            "impacket",
            "renewable energy",
            "poland infrastructure",
            "industrial control systems",
            "wiper attack"
          ],
          "references": [
            "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
          ],
          "public": 1,
          "adversary": "Static Tundra",
          "targeted_countries": [
            "Poland"
          ],
          "malware_families": [
            {
              "id": "DynoWiper",
              "display_name": "DynoWiper",
              "target": null
            },
            {
              "id": "LazyWiper",
              "display_name": "LazyWiper",
              "target": null
            },
            {
              "id": "Impacket",
              "display_name": "Impacket",
              "target": null
            },
            {
              "id": "Rubeus",
              "display_name": "Rubeus",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Energy",
            "Manufacturing"
          ],
          "TLP": "white",
          "cloned_from": "69f32ac81834d5a878e8fac0",
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "olivershippy",
            "id": "401750",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 21,
            "FileHash-SHA1": 5,
            "FileHash-SHA256": 7,
            "URL": 5
          },
          "indicator_count": 38,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1,
          "modified_text": "8 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "69f82582e230f0f8170c97fa",
          "name": "Energy Sector Incident Report",
          "description": "",
          "modified": "2026-05-30T10:03:42.474000",
          "created": "2026-05-04T04:50:10.429000",
          "tags": [
            "energy sector",
            "cve-2024-2617",
            "rubeus",
            "dynowiper",
            "lazywiper",
            "destructive operations",
            "fortigate exploitation",
            "combined heat power",
            "impacket",
            "renewable energy",
            "poland infrastructure",
            "industrial control systems",
            "wiper attack"
          ],
          "references": [
            "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
          ],
          "public": 1,
          "adversary": "Static Tundra",
          "targeted_countries": [
            "Poland"
          ],
          "malware_families": [
            {
              "id": "DynoWiper",
              "display_name": "DynoWiper",
              "target": null
            },
            {
              "id": "LazyWiper",
              "display_name": "LazyWiper",
              "target": null
            },
            {
              "id": "Impacket",
              "display_name": "Impacket",
              "target": null
            },
            {
              "id": "Rubeus",
              "display_name": "Rubeus",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Energy",
            "Manufacturing"
          ],
          "TLP": "white",
          "cloned_from": "69f32ac81834d5a878e8fac0",
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Tr1sa111",
            "id": "192483",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 21,
            "FileHash-SHA1": 5,
            "FileHash-SHA256": 7,
            "URL": 5
          },
          "indicator_count": 38,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 278,
          "modified_text": "8 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "69b8f03b3216aa326067f7a0",
          "name": "HANDALA-Iranian Nexus Actor",
          "description": "",
          "modified": "2026-04-18T12:01:34.910000",
          "created": "2026-03-17T06:10:03.844000",
          "tags": [
            "filehashsha256",
            "filehashmd5",
            "filename",
            "filehashsha1"
          ],
          "references": [
            "IOCs.2026.2.csv"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 17,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "IMEBEEIMFINE",
            "id": "343873",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-MD5": 127,
            "FileHash-SHA1": 92,
            "FileHash-SHA256": 117,
            "URL": 19,
            "domain": 27,
            "hostname": 4
          },
          "indicator_count": 387,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 47,
          "modified_text": "42 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "69b6563c0597ac612e644416",
          "name": "Iranian APT Actors-Pt5",
          "description": "",
          "modified": "2026-04-15T09:12:52.422000",
          "created": "2026-03-15T06:48:28.010000",
          "tags": [
            "filehashsha256",
            "filehashmd5",
            "filename",
            "filehashsha1",
            "bitcoinaddress",
            "temp",
            "port8083 domain",
            "registry",
            "cve201711882",
            "cve20170199"
          ],
          "references": [
            "IOCs.2026.2.csv"
          ],
          "public": 1,
          "adversary": "Cleaver, Handala, OilRig, RansomHouse, Leafminer,  CopyKittens, Muddy Water, Wiper Malwares",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "IMEBEEIMFINE",
            "id": "343873",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 32,
            "FileHash-MD5": 261,
            "FileHash-SHA1": 191,
            "FileHash-SHA256": 291,
            "CIDR": 2,
            "CVE": 4,
            "domain": 95,
            "hostname": 23
          },
          "indicator_count": 899,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 43,
          "modified_text": "45 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "69801d4e81d469e1672d9061",
          "name": "IOC - Energy Sector Incident Report - 29 December 2025",
          "description": "On 29 December 2025, in the morning and afternoon hours, coordinated attacks took place in Polish cyberspace. They were directed at more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant supplying heat to almost half a million customers in Poland.",
          "modified": "2026-03-04T03:02:53.031000",
          "created": "2026-02-02T03:43:10.234000",
          "tags": [
            "dynowiper",
            "powershell",
            "december",
            "november",
            "microsoft",
            "reverse proxy",
            "o365"
          ],
          "references": [
            "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "celestre",
            "id": "295357",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 16,
            "URL": 3
          },
          "indicator_count": 19,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 139,
          "modified_text": "87 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "697c9c3cf4eadd27a48d39ee",
          "name": "CERT Poland Energy Sector Incident Report - 29 December 2025",
          "description": "CERT Poland Energy Sector Incident Report - 29 December 2025 https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/",
          "modified": "2026-03-01T11:01:20.435000",
          "created": "2026-01-30T11:55:40.288000",
          "tags": [],
          "references": [
            "",
            "https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/"
          ],
          "public": 1,
          "adversary": "Static Tundra",
          "targeted_countries": [
            "Poland"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Energy"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "kravietz2048",
            "id": "79070",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_79070/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 16
          },
          "indicator_count": 16,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 43,
          "modified_text": "90 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "",
        "https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/",
        "IOCs.2026.2.csv",
        "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "Static Tundra"
          ],
          "malware_families": [
            "Rubeus",
            "Dynowiper",
            "Lazywiper",
            "Impacket"
          ],
          "industries": [
            "Energy",
            "Manufacturing"
          ]
        },
        "other": {
          "adversary": [
            "Cleaver, Handala, OilRig, RansomHouse, Leafminer,  CopyKittens, Muddy Water, Wiper Malwares",
            "Static Tundra"
          ],
          "malware_families": [
            "Rubeus",
            "Dynowiper",
            "Lazywiper",
            "Impacket"
          ],
          "industries": [
            "Energy",
            "Manufacturing"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 8,
  "pulses": [
    {
      "id": "69f32ac81834d5a878e8fac0",
      "name": "Energy Sector Incident Report",
      "description": "On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.",
      "modified": "2026-05-30T10:03:42.474000",
      "created": "2026-04-30T10:11:20.255000",
      "tags": [
        "energy sector",
        "cve-2024-2617",
        "rubeus",
        "dynowiper",
        "lazywiper",
        "destructive operations",
        "fortigate exploitation",
        "combined heat power",
        "impacket",
        "renewable energy",
        "poland infrastructure",
        "industrial control systems",
        "wiper attack"
      ],
      "references": [
        "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
      ],
      "public": 1,
      "adversary": "Static Tundra",
      "targeted_countries": [
        "Poland"
      ],
      "malware_families": [
        {
          "id": "DynoWiper",
          "display_name": "DynoWiper",
          "target": null
        },
        {
          "id": "LazyWiper",
          "display_name": "LazyWiper",
          "target": null
        },
        {
          "id": "Impacket",
          "display_name": "Impacket",
          "target": null
        },
        {
          "id": "Rubeus",
          "display_name": "Rubeus",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "Energy",
        "Manufacturing"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 24,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 21,
        "FileHash-SHA1": 5,
        "FileHash-SHA256": 7,
        "URL": 5
      },
      "indicator_count": 38,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386443,
      "modified_text": "8 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "69f3bd5aef3274f6820fabc7",
      "name": "\"E:\\CTIA-Tools\\CTIA Module 05 Data Analysis\\Microsoft Threat Modeling Tool\\TMT7.application\"",
      "description": "",
      "modified": "2026-05-30T10:03:42.474000",
      "created": "2026-04-30T20:36:42.625000",
      "tags": [
        "energy sector",
        "cve-2024-2617",
        "rubeus",
        "dynowiper",
        "lazywiper",
        "destructive operations",
        "fortigate exploitation",
        "combined heat power",
        "impacket",
        "renewable energy",
        "poland infrastructure",
        "industrial control systems",
        "wiper attack"
      ],
      "references": [
        "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
      ],
      "public": 1,
      "adversary": "Static Tundra",
      "targeted_countries": [
        "Poland"
      ],
      "malware_families": [
        {
          "id": "DynoWiper",
          "display_name": "DynoWiper",
          "target": null
        },
        {
          "id": "LazyWiper",
          "display_name": "LazyWiper",
          "target": null
        },
        {
          "id": "Impacket",
          "display_name": "Impacket",
          "target": null
        },
        {
          "id": "Rubeus",
          "display_name": "Rubeus",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "Energy",
        "Manufacturing"
      ],
      "TLP": "white",
      "cloned_from": "69f32ac81834d5a878e8fac0",
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "olivershippy",
        "id": "401750",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 21,
        "FileHash-SHA1": 5,
        "FileHash-SHA256": 7,
        "URL": 5
      },
      "indicator_count": 38,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1,
      "modified_text": "8 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "69f3bd6814568df21249e586",
      "name": "\"E:\\CTIA-Tools\\CTIA Module 05 Data Analysis\\Microsoft Threat Modeling Tool\\TMT7.application\"",
      "description": "",
      "modified": "2026-05-30T10:03:42.474000",
      "created": "2026-04-30T20:36:56.263000",
      "tags": [
        "energy sector",
        "cve-2024-2617",
        "rubeus",
        "dynowiper",
        "lazywiper",
        "destructive operations",
        "fortigate exploitation",
        "combined heat power",
        "impacket",
        "renewable energy",
        "poland infrastructure",
        "industrial control systems",
        "wiper attack"
      ],
      "references": [
        "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
      ],
      "public": 1,
      "adversary": "Static Tundra",
      "targeted_countries": [
        "Poland"
      ],
      "malware_families": [
        {
          "id": "DynoWiper",
          "display_name": "DynoWiper",
          "target": null
        },
        {
          "id": "LazyWiper",
          "display_name": "LazyWiper",
          "target": null
        },
        {
          "id": "Impacket",
          "display_name": "Impacket",
          "target": null
        },
        {
          "id": "Rubeus",
          "display_name": "Rubeus",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "Energy",
        "Manufacturing"
      ],
      "TLP": "white",
      "cloned_from": "69f32ac81834d5a878e8fac0",
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "olivershippy",
        "id": "401750",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 21,
        "FileHash-SHA1": 5,
        "FileHash-SHA256": 7,
        "URL": 5
      },
      "indicator_count": 38,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1,
      "modified_text": "8 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "69f82582e230f0f8170c97fa",
      "name": "Energy Sector Incident Report",
      "description": "",
      "modified": "2026-05-30T10:03:42.474000",
      "created": "2026-05-04T04:50:10.429000",
      "tags": [
        "energy sector",
        "cve-2024-2617",
        "rubeus",
        "dynowiper",
        "lazywiper",
        "destructive operations",
        "fortigate exploitation",
        "combined heat power",
        "impacket",
        "renewable energy",
        "poland infrastructure",
        "industrial control systems",
        "wiper attack"
      ],
      "references": [
        "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
      ],
      "public": 1,
      "adversary": "Static Tundra",
      "targeted_countries": [
        "Poland"
      ],
      "malware_families": [
        {
          "id": "DynoWiper",
          "display_name": "DynoWiper",
          "target": null
        },
        {
          "id": "LazyWiper",
          "display_name": "LazyWiper",
          "target": null
        },
        {
          "id": "Impacket",
          "display_name": "Impacket",
          "target": null
        },
        {
          "id": "Rubeus",
          "display_name": "Rubeus",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "Energy",
        "Manufacturing"
      ],
      "TLP": "white",
      "cloned_from": "69f32ac81834d5a878e8fac0",
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Tr1sa111",
        "id": "192483",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 21,
        "FileHash-SHA1": 5,
        "FileHash-SHA256": 7,
        "URL": 5
      },
      "indicator_count": 38,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 278,
      "modified_text": "8 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "69b8f03b3216aa326067f7a0",
      "name": "HANDALA-Iranian Nexus Actor",
      "description": "",
      "modified": "2026-04-18T12:01:34.910000",
      "created": "2026-03-17T06:10:03.844000",
      "tags": [
        "filehashsha256",
        "filehashmd5",
        "filename",
        "filehashsha1"
      ],
      "references": [
        "IOCs.2026.2.csv"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 17,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "IMEBEEIMFINE",
        "id": "343873",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 1,
        "FileHash-MD5": 127,
        "FileHash-SHA1": 92,
        "FileHash-SHA256": 117,
        "URL": 19,
        "domain": 27,
        "hostname": 4
      },
      "indicator_count": 387,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 47,
      "modified_text": "42 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "69b6563c0597ac612e644416",
      "name": "Iranian APT Actors-Pt5",
      "description": "",
      "modified": "2026-04-15T09:12:52.422000",
      "created": "2026-03-15T06:48:28.010000",
      "tags": [
        "filehashsha256",
        "filehashmd5",
        "filename",
        "filehashsha1",
        "bitcoinaddress",
        "temp",
        "port8083 domain",
        "registry",
        "cve201711882",
        "cve20170199"
      ],
      "references": [
        "IOCs.2026.2.csv"
      ],
      "public": 1,
      "adversary": "Cleaver, Handala, OilRig, RansomHouse, Leafminer, CopyKittens, Muddy Water, Wiper Malwares",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 20,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "IMEBEEIMFINE",
        "id": "343873",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 32,
        "FileHash-MD5": 261,
        "FileHash-SHA1": 191,
        "FileHash-SHA256": 291,
        "CIDR": 2,
        "CVE": 4,
        "domain": 95,
        "hostname": 23
      },
      "indicator_count": 899,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 43,
      "modified_text": "45 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "69801d4e81d469e1672d9061",
      "name": "IOC - Energy Sector Incident Report - 29 December 2025",
      "description": "On 29 December 2025, in the morning and afternoon hours, coordinated attacks took place in Polish cyberspace. They were directed at more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant supplying heat to almost half a million customers in Poland.",
      "modified": "2026-03-04T03:02:53.031000",
      "created": "2026-02-02T03:43:10.234000",
      "tags": [
        "dynowiper",
        "powershell",
        "december",
        "november",
        "microsoft",
        "reverse proxy",
        "o365"
      ],
      "references": [
        "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "celestre",
        "id": "295357",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 16,
        "URL": 3
      },
      "indicator_count": 19,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 139,
      "modified_text": "87 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "697c9c3cf4eadd27a48d39ee",
      "name": "CERT Poland Energy Sector Incident Report - 29 December 2025",
      "description": "CERT Poland Energy Sector Incident Report - 29 December 2025 https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/",
      "modified": "2026-03-01T11:01:20.435000",
      "created": "2026-01-30T11:55:40.288000",
      "tags": [],
      "references": [
        "",
        "https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/"
      ],
      "public": 1,
      "adversary": "Static Tundra",
      "targeted_countries": [
        "Poland"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Energy"
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "kravietz2048",
        "id": "79070",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_79070/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 16
      },
      "indicator_count": 16,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 43,
      "modified_text": "90 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "71812ec5e06678096394b238210f0f7c",
    "type": "Hash"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "71812ec5e06678096394b238210f0f7c",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780165583.3221438
}