{ "type": "SHA256", "indicator": "86edfd6c7a2fab8c50a372494e3d5b08c032cca754396f6e288d5d4c5738cb4c", "general": { "sections": [ "general", "analysis" ], "type": "sha256", "type_title": "FileHash-SHA256", "indicator": "86edfd6c7a2fab8c50a372494e3d5b08c032cca754396f6e288d5d4c5738cb4c", "validation": [], "base_indicator": { "id": 3660660945, "indicator": "86edfd6c7a2fab8c50a372494e3d5b08c032cca754396f6e288d5d4c5738cb4c", "type": "FileHash-SHA256", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 11, "pulses": [ { "id": "64349a74dc0ab1be0fa5b3fe", "name": "InQuest - 10-04-2023", "description": "", "modified": "2023-05-10T23:00:24.615000", "created": "2023-04-10T23:23:32.009000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 143, "FileHash-MD5": 24, "domain": 668, "URL": 1406, "hostname": 340, "FileHash-SHA1": 11 }, "indicator_count": 2592, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "1070 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "643f7535b07d861d8db90889", "name": "APT29-Espionage campaign linked to Russian intelligence services", "description": "", "modified": "2023-04-19T04:59:33.223000", "created": "2023-04-19T04:59:33.223000", "tags": [ "APT 29" ], "references": [ "2757167.misp-json", "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d", "https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb", "https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77", "https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf", "totalmassasje.no/schedule.php", "signitivelogics.com/Schedule.html", "humanecosmetics.com/category/noteworthy/6426-7346-9789", "signitivelogics.com/BMW.html", "literaturaelsalvador.com/Instructions.html", "literaturaelsalvador.com/Schedule.htm", "parquesanrafael.cl/note.html", "inovaoftalmologia.com.br/form.html", "sawabfoundation.net/p.php", "sawabfoundation.net/note.html", "pateke.com/auth/login.php", "pateke.com/index.php", "gatewan.com/c/msdownload/update/others/2021/10/se9fW4z8WJtmMyPQu", "gatewan.com/c/msdownload/update/others/2021/10/8PaDBDxLtokI3eH8", "sharpledge.com/login.php", "sylvio.com.br/form.php" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "643f5ce95df345c0dd6abbe4", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "IPv4": 2, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 262, "modified_text": "1092 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "643f5ce95df345c0dd6abbe4", "name": "APT29-Espionage campaign linked to Russian intelligence services", "description": "", "modified": "2023-04-19T03:15:53.754000", "created": "2023-04-19T03:15:53.754000", "tags": [ "APT 29" ], "references": [ "2757167.misp-json", "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d", "https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb", "https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77", "https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf", "totalmassasje.no/schedule.php", "signitivelogics.com/Schedule.html", "humanecosmetics.com/category/noteworthy/6426-7346-9789", "signitivelogics.com/BMW.html", "literaturaelsalvador.com/Instructions.html", "literaturaelsalvador.com/Schedule.htm", "parquesanrafael.cl/note.html", "inovaoftalmologia.com.br/form.html", "sawabfoundation.net/p.php", "sawabfoundation.net/note.html", "pateke.com/auth/login.php", "pateke.com/index.php", "gatewan.com/c/msdownload/update/others/2021/10/se9fW4z8WJtmMyPQu", "gatewan.com/c/msdownload/update/others/2021/10/8PaDBDxLtokI3eH8", "sharpledge.com/login.php", "sylvio.com.br/form.php" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "643cd9be5f54f5b47fb61eca", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "IPv4": 2, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "1092 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "643cd9be5f54f5b47fb61eca", "name": "Espionage campaign linked to Russian intelligence services", "description": "RMPAC7/2023/002/0247 Data 14/04/2023 APT 29: tracciata campagna di spionaggio contro Paesi membri della NATO,", "modified": "2023-04-17T05:31:42.310000", "created": "2023-04-17T05:31:42.310000", "tags": [ "APT 29" ], "references": [ "2757167.misp-json", "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d", "https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb", "https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77", "https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf", "totalmassasje.no/schedule.php", "signitivelogics.com/Schedule.html", "humanecosmetics.com/category/noteworthy/6426-7346-9789", "signitivelogics.com/BMW.html", "literaturaelsalvador.com/Instructions.html", "literaturaelsalvador.com/Schedule.htm", "parquesanrafael.cl/note.html", "inovaoftalmologia.com.br/form.html", "sawabfoundation.net/p.php", "sawabfoundation.net/note.html", "pateke.com/auth/login.php", "pateke.com/index.php", "gatewan.com/c/msdownload/update/others/2021/10/se9fW4z8WJtmMyPQu", "gatewan.com/c/msdownload/update/others/2021/10/8PaDBDxLtokI3eH8", "sharpledge.com/login.php", "sylvio.com.br/form.php" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otx_support", "id": "26678", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "IPv4": 2, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 212, "modified_text": "1094 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "643c834ff4275e0d27ece381", "name": "InQuest - 16-04-2023", "description": "", "modified": "2023-04-16T23:22:55.133000", "created": "2023-04-16T23:22:55.133000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 17, "IPv4": 152, "FileHash-SHA256": 76, "URL": 1699, "domain": 1205, "hostname": 174, "FileHash-MD5": 20 }, "indicator_count": 3343, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1094 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "643b311ac05b090a2e42cec8", "name": "InQuest - 15-04-2023", "description": "", "modified": "2023-04-15T23:19:54.781000", "created": "2023-04-15T23:19:54.781000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 15, "IPv4": 158, "FileHash-SHA256": 314, "URL": 1571, "domain": 1097, "hostname": 139, "FileHash-MD5": 17 }, "indicator_count": 3311, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1095 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "643aa3ef2acb2df8bb51de83", "name": "Cozy Bear Attacks on Foreign Diplomatic Entities", "description": "", "modified": "2023-04-15T13:17:35.061000", "created": "2023-04-15T13:17:35.061000", "tags": [ "sha256", "note", "domain", "ip address" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 3, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 22, "URL": 13, "domain": 14 }, "indicator_count": 64, "is_author": false, "is_subscribing": null, "subscriber_count": 482, "modified_text": "1095 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "643865024c27477cb6b44e17", "name": "Espionage campaign linked to Russian intelligence services", "description": "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "modified": "2023-04-13T20:24:34.495000", "created": "2023-04-13T20:24:34.495000", "tags": [ "telegram", "legion", "khtml", "gecko", "cado labs", "cado", "macintosh", "intel mac", "os x", "smtp", "androxgh0st", "execution", "apache", "virustotal", "february", "tools", "example", "python", "concept", "indonesia", "android", "win64" ], "references": [ "https://www.cadosecurity.com/legion-an-aws-credential-harvester-and-smtp-hijacker/", "IoC_Reference.pdf" ], "public": 1, "adversary": "Telegram", "targeted_countries": [ "Indonesia" ], "malware_families": [], "attack_ids": [ { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 24, "FileHash-SHA1": 23, "FileHash-SHA256": 23, "IPv4": 3, "URL": 14, "domain": 14 }, "indicator_count": 101, "is_author": false, "is_subscribing": null, "subscriber_count": 165, "modified_text": "1097 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "64373c54a721267506283905", "name": "InQuest - 12-04-2023", "description": "", "modified": "2023-04-12T23:18:44.167000", "created": "2023-04-12T23:18:44.167000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 112, "IPv4": 105, "URL": 1767, "domain": 1197, "hostname": 187, "FileHash-MD5": 112, "FileHash-SHA1": 9 }, "indicator_count": 3489, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1098 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "6435eae06b17f099868dee74", "name": "InQuest - 11-04-2023", "description": "", "modified": "2023-04-11T23:18:56.095000", "created": "2023-04-11T23:18:56.095000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 125, "domain": 939, "URL": 1536, "hostname": 248, "IPv4": 197, "FileHash-MD5": 42, "FileHash-SHA1": 15 }, "indicator_count": 3102, "is_author": false, "is_subscribing": null, "subscriber_count": 1599, "modified_text": "1099 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "64349a5d1670b9ea6bdf4882", "name": "Twitter Feed - TLP_R3D - 10-04-2023", "description": "", "modified": "2023-04-10T23:23:09.720000", "created": "2023-04-10T23:23:09.720000", "tags": [ "malware", "CobaltStrike" ], "references": [ "https://twitter.com/TLP_R3D/status/1645462752134156288" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2 }, "indicator_count": 2, "is_author": false, "is_subscribing": null, "subscriber_count": 1599, "modified_text": "1100 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 } ], "references": [ "https://www.cadosecurity.com/legion-an-aws-credential-harvester-and-smtp-hijacker/", "https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb", "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "inovaoftalmologia.com.br/form.html", "parquesanrafael.cl/note.html", "literaturaelsalvador.com/Instructions.html", "sylvio.com.br/form.php", "2757167.misp-json", "humanecosmetics.com/category/noteworthy/6426-7346-9789", "gatewan.com/c/msdownload/update/others/2021/10/se9fW4z8WJtmMyPQu", "totalmassasje.no/schedule.php", "pateke.com/auth/login.php", "https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d", "pateke.com/index.php", "sawabfoundation.net/p.php", "gatewan.com/c/msdownload/update/others/2021/10/8PaDBDxLtokI3eH8", "signitivelogics.com/Schedule.html", "https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf", "https://labs.inquest.net/iocdb", "https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77", "signitivelogics.com/BMW.html", "IoC_Reference.pdf", "sawabfoundation.net/note.html", "literaturaelsalvador.com/Schedule.htm", "https://twitter.com/TLP_R3D/status/1645462752134156288", "sharpledge.com/login.php" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Telegram" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 11, "pulses": [ { "id": "64349a74dc0ab1be0fa5b3fe", "name": "InQuest - 10-04-2023", "description": "", "modified": "2023-05-10T23:00:24.615000", "created": "2023-04-10T23:23:32.009000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 143, "FileHash-MD5": 24, "domain": 668, "URL": 1406, "hostname": 340, "FileHash-SHA1": 11 }, "indicator_count": 2592, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "1070 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "643f7535b07d861d8db90889", "name": "APT29-Espionage campaign linked to Russian intelligence services", "description": "", "modified": "2023-04-19T04:59:33.223000", "created": "2023-04-19T04:59:33.223000", "tags": [ "APT 29" ], "references": [ "2757167.misp-json", "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d", "https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb", "https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77", "https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf", "totalmassasje.no/schedule.php", "signitivelogics.com/Schedule.html", "humanecosmetics.com/category/noteworthy/6426-7346-9789", "signitivelogics.com/BMW.html", "literaturaelsalvador.com/Instructions.html", "literaturaelsalvador.com/Schedule.htm", "parquesanrafael.cl/note.html", "inovaoftalmologia.com.br/form.html", "sawabfoundation.net/p.php", "sawabfoundation.net/note.html", "pateke.com/auth/login.php", "pateke.com/index.php", "gatewan.com/c/msdownload/update/others/2021/10/se9fW4z8WJtmMyPQu", "gatewan.com/c/msdownload/update/others/2021/10/8PaDBDxLtokI3eH8", "sharpledge.com/login.php", "sylvio.com.br/form.php" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "643f5ce95df345c0dd6abbe4", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "IPv4": 2, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 262, "modified_text": "1092 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "643f5ce95df345c0dd6abbe4", "name": "APT29-Espionage campaign linked to Russian intelligence services", "description": "", "modified": "2023-04-19T03:15:53.754000", "created": "2023-04-19T03:15:53.754000", "tags": [ "APT 29" ], "references": [ "2757167.misp-json", "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d", "https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb", "https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77", "https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf", "totalmassasje.no/schedule.php", "signitivelogics.com/Schedule.html", "humanecosmetics.com/category/noteworthy/6426-7346-9789", "signitivelogics.com/BMW.html", "literaturaelsalvador.com/Instructions.html", "literaturaelsalvador.com/Schedule.htm", "parquesanrafael.cl/note.html", "inovaoftalmologia.com.br/form.html", "sawabfoundation.net/p.php", "sawabfoundation.net/note.html", "pateke.com/auth/login.php", "pateke.com/index.php", "gatewan.com/c/msdownload/update/others/2021/10/se9fW4z8WJtmMyPQu", "gatewan.com/c/msdownload/update/others/2021/10/8PaDBDxLtokI3eH8", "sharpledge.com/login.php", "sylvio.com.br/form.php" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "643cd9be5f54f5b47fb61eca", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "IPv4": 2, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "1092 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "643cd9be5f54f5b47fb61eca", "name": "Espionage campaign linked to Russian intelligence services", "description": "RMPAC7/2023/002/0247 Data 14/04/2023 APT 29: tracciata campagna di spionaggio contro Paesi membri della NATO,", "modified": "2023-04-17T05:31:42.310000", "created": "2023-04-17T05:31:42.310000", "tags": [ "APT 29" ], "references": [ "2757167.misp-json", "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d", "https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb", "https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77", "https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf", "totalmassasje.no/schedule.php", "signitivelogics.com/Schedule.html", "humanecosmetics.com/category/noteworthy/6426-7346-9789", "signitivelogics.com/BMW.html", "literaturaelsalvador.com/Instructions.html", "literaturaelsalvador.com/Schedule.htm", "parquesanrafael.cl/note.html", "inovaoftalmologia.com.br/form.html", "sawabfoundation.net/p.php", "sawabfoundation.net/note.html", "pateke.com/auth/login.php", "pateke.com/index.php", "gatewan.com/c/msdownload/update/others/2021/10/se9fW4z8WJtmMyPQu", "gatewan.com/c/msdownload/update/others/2021/10/8PaDBDxLtokI3eH8", "sharpledge.com/login.php", "sylvio.com.br/form.php" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otx_support", "id": "26678", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3, "IPv4": 2, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 212, "modified_text": "1094 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "643c834ff4275e0d27ece381", "name": "InQuest - 16-04-2023", "description": "", "modified": "2023-04-16T23:22:55.133000", "created": "2023-04-16T23:22:55.133000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 17, "IPv4": 152, "FileHash-SHA256": 76, "URL": 1699, "domain": 1205, "hostname": 174, "FileHash-MD5": 20 }, "indicator_count": 3343, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1094 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "643b311ac05b090a2e42cec8", "name": "InQuest - 15-04-2023", "description": "", "modified": "2023-04-15T23:19:54.781000", "created": "2023-04-15T23:19:54.781000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 15, "IPv4": 158, "FileHash-SHA256": 314, "URL": 1571, "domain": 1097, "hostname": 139, "FileHash-MD5": 17 }, "indicator_count": 3311, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1095 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "643aa3ef2acb2df8bb51de83", "name": "Cozy Bear Attacks on Foreign Diplomatic Entities", "description": "", "modified": "2023-04-15T13:17:35.061000", "created": "2023-04-15T13:17:35.061000", "tags": [ "sha256", "note", "domain", "ip address" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 3, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 22, "URL": 13, "domain": 14 }, "indicator_count": 64, "is_author": false, "is_subscribing": null, "subscriber_count": 482, "modified_text": "1095 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "643865024c27477cb6b44e17", "name": "Espionage campaign linked to Russian intelligence services", "description": "https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services", "modified": "2023-04-13T20:24:34.495000", "created": "2023-04-13T20:24:34.495000", "tags": [ "telegram", "legion", "khtml", "gecko", "cado labs", "cado", "macintosh", "intel mac", "os x", "smtp", "androxgh0st", "execution", "apache", "virustotal", "february", "tools", "example", "python", "concept", "indonesia", "android", "win64" ], "references": [ "https://www.cadosecurity.com/legion-an-aws-credential-harvester-and-smtp-hijacker/", "IoC_Reference.pdf" ], "public": 1, "adversary": "Telegram", "targeted_countries": [ "Indonesia" ], "malware_families": [], "attack_ids": [ { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 24, "FileHash-SHA1": 23, "FileHash-SHA256": 23, "IPv4": 3, "URL": 14, "domain": 14 }, "indicator_count": 101, "is_author": false, "is_subscribing": null, "subscriber_count": 165, "modified_text": "1097 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "64373c54a721267506283905", "name": "InQuest - 12-04-2023", "description": "", "modified": "2023-04-12T23:18:44.167000", "created": "2023-04-12T23:18:44.167000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 112, "IPv4": 105, "URL": 1767, "domain": 1197, "hostname": 187, "FileHash-MD5": 112, "FileHash-SHA1": 9 }, "indicator_count": 3489, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1098 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "6435eae06b17f099868dee74", "name": "InQuest - 11-04-2023", "description": "", "modified": "2023-04-11T23:18:56.095000", "created": "2023-04-11T23:18:56.095000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 125, "domain": 939, "URL": 1536, "hostname": 248, "IPv4": 197, "FileHash-MD5": 42, "FileHash-SHA1": 15 }, "indicator_count": 3102, "is_author": false, "is_subscribing": null, "subscriber_count": 1599, "modified_text": "1099 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "86edfd6c7a2fab8c50a372494e3d5b08c032cca754396f6e288d5d4c5738cb4c", "type": "Hash" }, "abuseipdb": null, "urlhaus": { "indicator": "86edfd6c7a2fab8c50a372494e3d5b08c032cca754396f6e288d5d4c5738cb4c", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776233044.7886105 }