{
  "type": "MD5",
  "indicator": "cacacc25ddadeef052d7f9559e9af0db",
  "general": {
    "sections": [
      "general",
      "analysis"
    ],
    "type": "md5",
    "type_title": "FileHash-MD5",
    "indicator": "cacacc25ddadeef052d7f9559e9af0db",
    "validation": [],
    "base_indicator": {
      "id": 3353576079,
      "indicator": "cacacc25ddadeef052d7f9559e9af0db",
      "type": "FileHash-MD5",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 25,
      "pulses": [
        {
          "id": "67ef8acdfe632a32bd164cbc",
          "name": "Threat Intel Report - W11-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-05-04T07:02:31.627000",
          "created": "2025-04-04T07:31:25.772000",
          "tags": [
            "mozi",
            "germany",
            "india",
            "china",
            "grouped",
            "vietnam",
            "united kingdom",
            "singapore",
            "week",
            "group",
            "indonesia",
            "clearfake",
            "asyncrat",
            "stealc",
            "smartloader",
            "mexico",
            "remcos",
            "malware",
            "date",
            "belarus",
            "ukraine",
            "amadey",
            "lockbit",
            "linux",
            "superblack",
            "akira"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Linux",
              "display_name": "Linux",
              "target": null
            },
            {
              "id": "SuperBlack",
              "display_name": "SuperBlack",
              "target": null
            },
            {
              "id": "Akira",
              "display_name": "Akira",
              "target": null
            },
            {
              "id": "LockBit",
              "display_name": "LockBit",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 91,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 51,
            "FileHash-SHA256": 117,
            "domain": 62,
            "hostname": 114
          },
          "indicator_count": 486,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "391 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6718d5365b2f8eed9f8fa754",
          "name": "Threat Intel Report - W43-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-11-22T10:00:39.242000",
          "created": "2024-10-23T10:51:34.212000",
          "tags": [
            "mozi",
            "mozi link",
            "brazil",
            "germany",
            "singapore",
            "panama",
            "china",
            "france",
            "week",
            "turkey",
            "indonesia",
            "stealc",
            "asyncrat",
            "remcos",
            "coinminer",
            "ukraine",
            "amadey"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 27,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 46,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 117,
            "URL": 202,
            "domain": 52,
            "hostname": 75
          },
          "indicator_count": 538,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "554 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6718d3f1b2d95f85c40b2233",
          "name": "Threat Intel Report - W42-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-11-22T10:00:39.242000",
          "created": "2024-10-23T10:46:09.554000",
          "tags": [
            "mozi",
            "mozi link",
            "brazil",
            "germany",
            "singapore",
            "panama",
            "china",
            "france",
            "week",
            "turkey",
            "indonesia",
            "stealc",
            "asyncrat",
            "remcos",
            "coinminer",
            "ukraine",
            "amadey"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 27,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 46,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 117,
            "URL": 202,
            "domain": 52,
            "hostname": 75
          },
          "indicator_count": 538,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "554 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6718d3efafe0408a73fde2b6",
          "name": "Threat Intel Report - W42-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-11-22T10:00:39.242000",
          "created": "2024-10-23T10:46:07.116000",
          "tags": [
            "mozi",
            "mozi link",
            "brazil",
            "germany",
            "singapore",
            "panama",
            "china",
            "france",
            "week",
            "turkey",
            "indonesia",
            "stealc",
            "asyncrat",
            "remcos",
            "coinminer",
            "ukraine",
            "amadey"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 46,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 117,
            "URL": 202,
            "domain": 52,
            "hostname": 75
          },
          "indicator_count": 538,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "554 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6703d87eff4579a6c50ed9e6",
          "name": "Threat Intel Report - W37-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-11-06T12:02:47.328000",
          "created": "2024-10-07T12:47:58.558000",
          "tags": [
            "mozi",
            "germany",
            "brazil",
            "russia",
            "ukraine",
            "france",
            "india",
            "singapore",
            "spain",
            "week",
            "mexico",
            "remcos",
            "panama",
            "agent tesla",
            "dbatloader",
            "warzonerat",
            "formbook"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 31,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 52,
            "FileHash-SHA1": 52,
            "FileHash-SHA256": 118,
            "URL": 193,
            "domain": 8,
            "hostname": 156
          },
          "indicator_count": 579,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "570 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6696324b10bd4d2a34d1a1a2",
          "name": "Threat Intel Report - W26-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-08-15T08:00:39.221000",
          "created": "2024-07-16T08:41:47.431000",
          "tags": [
            "mozi",
            "mozi link",
            "germany",
            "week",
            "poland",
            "canada",
            "panama",
            "urls http",
            "ukraine",
            "japan",
            "remcos",
            "formbook",
            "agent tesla",
            "asyncrat",
            "xworm"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time#a",
            "https://urlhaus.abuse.ch/browse.php?search=.exe"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 59,
            "FileHash-SHA1": 59,
            "FileHash-SHA256": 116,
            "URL": 96,
            "domain": 62,
            "hostname": 104
          },
          "indicator_count": 496,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "653 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "66434c68052cc97daee0448f",
          "name": "Threat Intel Report - W13-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-06-13T11:00:15.938000",
          "created": "2024-05-14T11:35:04.150000",
          "tags": [
            "mozi",
            "mozi link",
            "snoopy",
            "mexico",
            "russia",
            "urls https",
            "sha values",
            "file name",
            "submit date",
            "ukraine",
            "date",
            "originlogger"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 98,
            "FileHash-MD5": 64,
            "FileHash-SHA1": 64,
            "FileHash-SHA256": 123,
            "URL": 171,
            "domain": 12
          },
          "indicator_count": 532,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "716 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6643488e142fe7b1d26979ee",
          "name": "Threat Intel Report - W14-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-06-13T11:00:15.938000",
          "created": "2024-05-14T11:18:38.642000",
          "tags": [
            "mozi",
            "mozi link",
            "germany",
            "bulgaria",
            "russia",
            "japan",
            "united kingdom",
            "ireland",
            "mexico",
            "canada",
            "pikabot",
            "indonesia",
            "slovakia",
            "panama"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 94,
            "FileHash-MD5": 56,
            "FileHash-SHA1": 56,
            "FileHash-SHA256": 120,
            "URL": 181,
            "domain": 9
          },
          "indicator_count": 516,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "716 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "661dfd16f6abf8a44b155dcd",
          "name": "Threat Intel Report - W10-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-05-16T04:03:48.331000",
          "created": "2024-04-16T04:22:46.826000",
          "tags": [
            "urls http",
            "urls https",
            "sha values",
            "malware url",
            "ip address",
            "blacklist",
            "urls ftp",
            "domains"
          ],
          "references": [
            "https://urlhaus.abuse.ch/browse.php?search=.exe",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time#a"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 57,
            "FileHash-SHA1": 57,
            "FileHash-SHA256": 102,
            "URL": 112,
            "domain": 6,
            "hostname": 107
          },
          "indicator_count": 441,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "745 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "661d1c52125a6a360ee6f264",
          "name": "Threat Intel Report - W6-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-05-15T12:02:01.657000",
          "created": "2024-04-15T12:23:46.762000",
          "tags": [
            "urls https",
            "urls http",
            "domains",
            "sha value",
            "malware url",
            "host"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time#a",
            "https://urlhaus.abuse.ch/browse/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 125,
            "FileHash-MD5": 54,
            "FileHash-SHA1": 54,
            "FileHash-SHA256": 113,
            "domain": 7,
            "hostname": 103
          },
          "indicator_count": 456,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "745 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "661d1b8d57b3acef8c7d80ff",
          "name": "Threat Intel Report - W13-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-05-15T12:02:01.657000",
          "created": "2024-04-15T12:20:29.885000",
          "tags": [
            "urls https",
            "sha values",
            "malware url",
            "ip address",
            "blacklist host",
            "urls ftp",
            "domains",
            "urls http",
            "ams8bjug1iv",
            "tg https"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://myip.ms/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 98,
            "FileHash-MD5": 64,
            "FileHash-SHA1": 64,
            "FileHash-SHA256": 123,
            "URL": 171,
            "domain": 12
          },
          "indicator_count": 532,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "745 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570994901b8a87d7eb31aa7",
          "name": "IOCS202304091516",
          "description": "",
          "modified": "2023-12-06T15:54:49.341000",
          "created": "2023-12-06T15:54:49.341000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 980,
            "FileHash-MD5": 196,
            "FileHash-SHA1": 196,
            "domain": 182,
            "hostname": 279,
            "URL": 3
          },
          "indicator_count": 1836,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "906 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "657098fb4c59f8ac3f86f612",
          "name": "202303251514",
          "description": "",
          "modified": "2023-12-06T15:53:31.627000",
          "created": "2023-12-06T15:53:31.627000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 976,
            "FileHash-MD5": 196,
            "FileHash-SHA1": 196,
            "domain": 174,
            "hostname": 171,
            "URL": 3
          },
          "indicator_count": 1716,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "906 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570933be01644c0416e2b2b",
          "name": "IOCS202210160921",
          "description": "",
          "modified": "2023-12-06T15:28:59.805000",
          "created": "2023-12-06T15:28:59.805000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 437,
            "FileHash-MD5": 232,
            "FileHash-SHA1": 232,
            "hostname": 48,
            "URL": 2,
            "domain": 65
          },
          "indicator_count": 1016,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "906 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6432bac1eb5fb65376156579",
          "name": "IOCS202304091516",
          "description": "Hashes for the first time have been shared by users using the same IP address as those on Facebook, Twitter and other social media sites, as well as the BBC News Channel and BBC iPlayer.",
          "modified": "2023-05-09T13:02:06.153000",
          "created": "2023-04-09T13:16:49.795000",
          "tags": [
            "emotet",
            "wannacry",
            "wannycry",
            "trickbot",
            "qbot",
            "cobalt strike",
            "flawedammyy",
            "systembc",
            "domains",
            "hashes",
            "wcry",
            "microsoft",
            "iocs ip",
            "emotet malware",
            "fake net",
            "cobaltstrike",
            "first",
            "eternalblue",
            "desktop",
            "trojan",
            "agent tesla",
            "malware",
            "fallout"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "SystemBC",
              "display_name": "SystemBC",
              "target": null
            },
            {
              "id": "FlawedAmmyy",
              "display_name": "FlawedAmmyy",
              "target": null
            },
            {
              "id": "Cobalt Strike",
              "display_name": "Cobalt Strike",
              "target": null
            },
            {
              "id": "Qbot",
              "display_name": "Qbot",
              "target": null
            },
            {
              "id": "Trickbot",
              "display_name": "Trickbot",
              "target": null
            },
            {
              "id": "WannyCry",
              "display_name": "WannyCry",
              "target": null
            },
            {
              "id": "WannaCry",
              "display_name": "WannaCry",
              "target": null
            },
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            },
            {
              "id": "Agent Tesla",
              "display_name": "Agent Tesla",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1080",
              "name": "Taint Shared Content",
              "display_name": "T1080 - Taint Shared Content"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1210",
              "name": "Exploitation of Remote Services",
              "display_name": "T1210 - Exploitation of Remote Services"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1490",
              "name": "Inhibit System Recovery",
              "display_name": "T1490 - Inhibit System Recovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 18,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlessandroFiori",
            "id": "91912",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 196,
            "FileHash-SHA1": 196,
            "FileHash-SHA256": 980,
            "URL": 3,
            "domain": 182,
            "hostname": 279
          },
          "indicator_count": 1836,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 418,
          "modified_text": "1117 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "641f01b25f684f5bb91cea7f",
          "name": "202303251514",
          "description": "Hashes for the first time are being shared by users using the same IP address as the BBC News app and BBC Radio 4's Newsround website, which is available to listen to any of the above.",
          "modified": "2023-04-24T14:04:42.146000",
          "created": "2023-03-25T14:14:10.717000",
          "tags": [
            "emotet",
            "wannacry",
            "systembc",
            "trickbot",
            "qbot",
            "cobalt strike",
            "agent tesla",
            "wannycry",
            "domains",
            "hashes",
            "wcry",
            "emotet malware",
            "fake net",
            "iocs ip",
            "microsoft",
            "cobaltstrike",
            "trojan",
            "flawedammyy",
            "first",
            "eternalblue",
            "desktop",
            "malware",
            "fallout"
          ],
          "references": [
            "a.txt"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "WannyCry",
              "display_name": "WannyCry",
              "target": null
            },
            {
              "id": "Agent Tesla",
              "display_name": "Agent Tesla",
              "target": null
            },
            {
              "id": "Cobalt Strike",
              "display_name": "Cobalt Strike",
              "target": null
            },
            {
              "id": "Qbot",
              "display_name": "Qbot",
              "target": null
            },
            {
              "id": "Trickbot",
              "display_name": "Trickbot",
              "target": null
            },
            {
              "id": "SystemBC",
              "display_name": "SystemBC",
              "target": null
            },
            {
              "id": "WannaCry",
              "display_name": "WannaCry",
              "target": null
            },
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1490",
              "name": "Inhibit System Recovery",
              "display_name": "T1490 - Inhibit System Recovery"
            },
            {
              "id": "T1210",
              "name": "Exploitation of Remote Services",
              "display_name": "T1210 - Exploitation of Remote Services"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1080",
              "name": "Taint Shared Content",
              "display_name": "T1080 - Taint Shared Content"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlessandroFiori",
            "id": "91912",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 196,
            "FileHash-SHA1": 196,
            "FileHash-SHA256": 976,
            "URL": 3,
            "domain": 174,
            "hostname": 171
          },
          "indicator_count": 1716,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 417,
          "modified_text": "1132 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "63f106ff111b27f61ceec85e",
          "name": "23",
          "description": "",
          "modified": "2023-02-18T17:12:31.066000",
          "created": "2023-02-18T17:12:31.066000",
          "tags": [
            "www.lists.mwsys.mine.bz"
          ],
          "references": [
            "https://www.virustotal.com/graph/ga565cd28cb004dfc90132273ccff8663cc04dfabd88947d49c378c82a31a01c3",
            "all about the www's"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": "63bb5b61ab5d5c9ebc74a954",
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ikkeookniet",
            "id": "120587",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_120587/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 564,
            "URL": 875,
            "FileHash-SHA256": 491,
            "domain": 204,
            "FileHash-MD5": 83,
            "FileHash-SHA1": 83
          },
          "indicator_count": 2300,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 2,
          "modified_text": "1197 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "63bb5b61ab5d5c9ebc74a954",
          "name": "evil.in bum.ms -  www.lists.mwsys.mine.bz",
          "description": "",
          "modified": "2023-02-07T22:01:16.959000",
          "created": "2023-01-09T00:10:09.776000",
          "tags": [
            "www.lists.mwsys.mine.bz"
          ],
          "references": [
            "https://www.virustotal.com/graph/ga565cd28cb004dfc90132273ccff8663cc04dfabd88947d49c378c82a31a01c3",
            "all about the www's"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 564,
            "URL": 875,
            "FileHash-SHA256": 491,
            "domain": 204,
            "FileHash-MD5": 83,
            "FileHash-SHA1": 83
          },
          "indicator_count": 2300,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 91,
          "modified_text": "1208 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "637b96f0fedd36a73e1ca75e",
          "name": "NannyCore",
          "description": "",
          "modified": "2022-12-21T15:02:42.187000",
          "created": "2022-11-21T15:19:12.586000",
          "tags": [
            "main",
            "connections ip"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 91,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "mokomoko1",
            "id": "45776",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_45776/resized/80/avatar_c26be60cfd.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 2,
            "FileHash-MD5": 6,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 22
          },
          "indicator_count": 36,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 347,
          "modified_text": "1256 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6364d30146f60f11dd956476",
          "name": "The A \u2013 Z of Raccoon Stealer Version 2",
          "description": "Raccoon Stealer is a kind of malware that steals data from an infected machine. It is a basic malware, but malicious actors who provide excellent service and simple navigation have made Raccoon Stealer popular. \nIn terms of core functionality, depending on the configuration enabled by an attacker, this virus can check system settings, capture screenshots, collect basic information like OS version, IP and username, and steal passwords and logins from a variety of browsers. The stealer can also retrieve information from Microsoft Outlook and steal cryptocurrency wallets.\nWhen the data collection process ends, the data is packed into a .ZIP archive that is then sent to the attackers' server.",
          "modified": "2022-12-04T08:00:13.501000",
          "created": "2022-11-04T08:53:21.725000",
          "tags": [
            "raccoon",
            "remote access",
            "any.run",
            "azorult",
            "agent tesla",
            "ave maria",
            "warzone",
            "danabot",
            "raccoon malware",
            "raccoon stealer",
            "mohazo",
            "racealer",
            "redline",
            "os version",
            "rats",
            "russia",
            "ukraine",
            "belarus",
            "fallout",
            "open",
            "info",
            "ursnif",
            "hawkeye",
            "galaxy store",
            "html",
            "js code",
            "samsung mcs",
            "direct page",
            "samsung",
            "webview",
            "mcswebbridge",
            "string",
            "head",
            "first",
            "download",
            "body"
          ],
          "references": [
            "https://any.run/malware-trends/raccoon?utm_source=hacker_news&utm_medium=article&utm_campaign=raccoon&utm_content=mtt"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Uzbekistan",
            "Tajikistan",
            "Armenia",
            "Kyrgyzstan",
            "Kazakhstan",
            "Belarus",
            "Ukraine",
            "Russian Federation"
          ],
          "malware_families": [
            {
              "id": "Danabot",
              "display_name": "Danabot",
              "target": null
            },
            {
              "id": "WARZONE",
              "display_name": "WARZONE",
              "target": null
            },
            {
              "id": "Ave Maria",
              "display_name": "Ave Maria",
              "target": null
            },
            {
              "id": "Agent Tesla",
              "display_name": "Agent Tesla",
              "target": null
            },
            {
              "id": "Azorult",
              "display_name": "Azorult",
              "target": null
            },
            {
              "id": "ANY.RUN",
              "display_name": "ANY.RUN",
              "target": null
            },
            {
              "id": "Remote Access",
              "display_name": "Remote Access",
              "target": null
            },
            {
              "id": "Raccoon",
              "display_name": "Raccoon",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [
            "Military"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 314,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Provintell-Lab",
            "id": "112104",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 10,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 21,
            "URL": 1,
            "domain": 8,
            "hostname": 7
          },
          "indicator_count": 56,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 254,
          "modified_text": "1273 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "63627764f91364985a4ea234",
          "name": "Inside Raccoon Stealer V2",
          "description": "Any.RUN\u2019s new features allow malware experts to carry out deep analysis of malware processes and investigate events and incidents within the process, with the help of a time machine and a new advanced feature.",
          "modified": "2022-12-02T13:00:51.149000",
          "created": "2022-11-02T13:57:56.464000",
          "tags": [
            "raccoon",
            "remote access",
            "october",
            "any.run",
            "azorult",
            "agent tesla",
            "ave maria",
            "warzone",
            "danabot",
            "raccoon malware",
            "raccoon stealer",
            "mohazo",
            "racealer",
            "redline",
            "os version",
            "rats",
            "russia",
            "ukraine",
            "belarus",
            "fallout",
            "open",
            "info",
            "ursnif",
            "hawkeye",
            "advanced",
            "synchronization",
            "examine",
            "compare",
            "danger",
            "warning",
            "click",
            "behavior",
            "deep",
            "group",
            "socelars",
            "malware"
          ],
          "references": [
            "https://any.run/cybersecurity-blog/malware-details/",
            "https://any.run/malware-trends/raccoon?utm_source=hacker_news&utm_medium=article&utm_campaign=raccoon&utm_content=mtt"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Uzbekistan",
            "Tajikistan",
            "Armenia",
            "Kyrgyzstan",
            "Kazakhstan",
            "Belarus",
            "Ukraine",
            "Russian Federation"
          ],
          "malware_families": [
            {
              "id": "Danabot",
              "display_name": "Danabot",
              "target": null
            },
            {
              "id": "WARZONE",
              "display_name": "WARZONE",
              "target": null
            },
            {
              "id": "Ave Maria",
              "display_name": "Ave Maria",
              "target": null
            },
            {
              "id": "Agent Tesla",
              "display_name": "Agent Tesla",
              "target": null
            },
            {
              "id": "Azorult",
              "display_name": "Azorult",
              "target": null
            },
            {
              "id": "ANY.RUN",
              "display_name": "ANY.RUN",
              "target": null
            },
            {
              "id": "October",
              "display_name": "October",
              "target": null
            },
            {
              "id": "Remote Access",
              "display_name": "Remote Access",
              "target": null
            },
            {
              "id": "Raccoon",
              "display_name": "Raccoon",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [
            "Military"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "bluewatcher",
            "id": "174522",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 18,
            "FileHash-SHA1": 17,
            "FileHash-SHA256": 29,
            "domain": 9,
            "hostname": 6,
            "URL": 1
          },
          "indicator_count": 80,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 115,
          "modified_text": "1275 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "634bb0f09e9611f603fa2eef",
          "name": "IOCS202210160921",
          "description": "",
          "modified": "2022-11-15T07:00:34.768000",
          "created": "2022-10-16T07:21:20.943000",
          "tags": [
            "hashes",
            "domains",
            "emotet",
            "fake net",
            "vba code",
            "emotet malware",
            "flawedammyy",
            "agent tesla",
            "emotet trojan",
            "powershell code",
            "appdata",
            "emotet virus",
            "wcry",
            "wannacry",
            "microsoft",
            "first",
            "http get",
            "eternalblue",
            "email",
            "desktop",
            "ms17010"
          ],
          "references": [
            "a25.txt",
            "a1.txt",
            "a2.txt",
            "a0.txt",
            "a4.txt",
            "a9.txt",
            "a10.txt",
            "a12.txt",
            "a11.txt",
            "a16.txt",
            "a21.txt",
            "a20.txt"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlessandroFiori",
            "id": "91912",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_91912/resized/80/avatar_2b1b2b88b6.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 232,
            "FileHash-SHA1": 232,
            "FileHash-SHA256": 437,
            "domain": 65,
            "hostname": 48,
            "URL": 2
          },
          "indicator_count": 1016,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 418,
          "modified_text": "1292 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "6304f3ff75ddd692ffa71953",
          "name": "Cyber Threat IOCs_Week35_2022",
          "description": "Here is a full list of links to the malware that has infected more than 200,000 people in the past two weeks and is being investigated by the UK's National Security Agency (NSA).",
          "modified": "2022-09-22T00:02:31.511000",
          "created": "2022-08-23T15:36:31.988000",
          "tags": [
            "hashes domains",
            "netherlands",
            "romania",
            "ip address",
            "blacklist host",
            "ip country",
            "latest spambot",
            "visit",
            "activity",
            "paraguay",
            "algeria",
            "remcosrat",
            "mozi",
            "asyncrat exe",
            "arechclient2",
            "redlinestealer",
            "loader quakbot",
            "rm3 xlsb",
            "loader rm3",
            "netsupport",
            "irata",
            "date",
            "malware url",
            "tags",
            "formbook",
            "neshta",
            "azorult",
            "asyncrat"
          ],
          "references": [],
          "public": 1,
          "adversary": "Cyber Threat IOCs_Week35_2022",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 47,
            "FileHash-SHA1": 47,
            "FileHash-SHA256": 109,
            "domain": 45,
            "URL": 41,
            "hostname": 56
          },
          "indicator_count": 345,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "1347 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "62a3a837cb46fee746daf4d3",
          "name": "Agent Tesla Malware Analysis, Overview by ANY.RUN",
          "description": "AIDetectNet.com is a security firm that tracks malware, including the Agent Tesla virus, which is being sold by attackers in Turkey, who are believed to be trying to steal passwords.",
          "modified": "2022-07-10T00:00:39.429000",
          "created": "2022-06-10T20:23:19.290000",
          "tags": [
            "agent tesla",
            "remote access",
            "tesla",
            "ave maria",
            "warzone",
            "danabot",
            "darkcomet",
            "agenttesla",
            "network stream",
            "official",
            "website",
            "discord server",
            "turkey",
            "c2 server",
            "windows",
            "iocs",
            "vidar",
            "icedid",
            "email"
          ],
          "references": [
            "https://any.run/malware-trends/agenttesla"
          ],
          "public": 1,
          "adversary": "Email",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Agent Tesla",
              "display_name": "Agent Tesla",
              "target": null
            },
            {
              "id": "Remote Access",
              "display_name": "Remote Access",
              "target": null
            },
            {
              "id": "DarkComet",
              "display_name": "DarkComet",
              "target": null
            },
            {
              "id": "Danabot",
              "display_name": "Danabot",
              "target": null
            },
            {
              "id": "WARZONE",
              "display_name": "WARZONE",
              "target": null
            },
            {
              "id": "Ave Maria",
              "display_name": "Ave Maria",
              "target": null
            },
            {
              "id": "Tesla",
              "display_name": "Tesla",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            }
          ],
          "industries": [
            "Military"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cwilson2734",
            "id": "188503",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 12,
            "FileHash-MD5": 5,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 20,
            "CVE": 1,
            "domain": 4
          },
          "indicator_count": 48,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 31,
          "modified_text": "1421 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        },
        {
          "id": "61dd438dc8645b7d6f44d6fd",
          "name": "NanoCore RAT Analysis, Overview by ANY.RUN",
          "description": "Nanocore is the world\u2019s most dangerous malware and it is now being used in attacks all around the globe, but how do you track it and what can you find out about it?",
          "modified": "2022-02-10T00:05:02.163000",
          "created": "2022-01-11T08:45:01.304000",
          "tags": [
            "nanocore",
            "remote access",
            "agent tesla",
            "any.run",
            "ave maria",
            "warzone",
            "danabot",
            "nanocore rat",
            "official",
            "website",
            "rats",
            "access trojan",
            "regardless",
            "nanocore author",
            "nanocoredotio",
            "nanocore a",
            "vidar",
            "trojan"
          ],
          "references": [
            "https://any.run/malware-trends/nanocore"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "NanoCore",
              "display_name": "NanoCore",
              "target": null
            },
            {
              "id": "Remote Access",
              "display_name": "Remote Access",
              "target": null
            },
            {
              "id": "Agent Tesla",
              "display_name": "Agent Tesla",
              "target": null
            },
            {
              "id": "Danabot",
              "display_name": "Danabot",
              "target": null
            },
            {
              "id": "WARZONE",
              "display_name": "WARZONE",
              "target": null
            },
            {
              "id": "Ave Maria",
              "display_name": "Ave Maria",
              "target": null
            },
            {
              "id": "ANY.RUN",
              "display_name": "ANY.RUN",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1127",
              "name": "Trusted Developer Utilities Proxy Execution",
              "display_name": "T1127 - Trusted Developer Utilities Proxy Execution"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1104",
              "name": "Multi-Stage Channels",
              "display_name": "T1104 - Multi-Stage Channels"
            }
          ],
          "industries": [
            "Military"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "teja.batchu@sisainfosec.com",
            "id": "176081",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 3,
            "FileHash-SHA1": 2,
            "FileHash-SHA256": 20,
            "domain": 3,
            "hostname": 12
          },
          "indicator_count": 40,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 37,
          "modified_text": "1571 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "a12.txt",
        "https://myip.ms/",
        "https://urlhaus.abuse.ch/",
        "a16.txt",
        "https://any.run/malware-trends/raccoon?utm_source=hacker_news&utm_medium=article&utm_campaign=raccoon&utm_content=mtt",
        "all about the www's",
        "a1.txt",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time#a",
        "a2.txt",
        "a10.txt",
        "a20.txt",
        "https://urlhaus.abuse.ch/browse/",
        "https://any.run/cybersecurity-blog/malware-details/",
        "a0.txt",
        "https://any.run/malware-trends/",
        "a21.txt",
        "https://urlhaus.abuse.ch/browse.php?search=.exe",
        "a9.txt",
        "https://any.run/malware-trends/agenttesla",
        "a25.txt",
        "a4.txt",
        "a11.txt",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://any.run/malware-trends/nanocore",
        "a.txt",
        "https://www.virustotal.com/graph/ga565cd28cb004dfc90132273ccff8663cc04dfabd88947d49c378c82a31a01c3"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Cyber Threat IOCs_Week35_2022",
            "Email"
          ],
          "malware_families": [
            "October",
            "Wannacry",
            "Systembc",
            "Any.run",
            "Trickbot",
            "Cobalt strike",
            "Tesla",
            "Nanocore",
            "Danabot",
            "Superblack",
            "Remote access",
            "Wannycry",
            "Emotet",
            "Agent tesla",
            "Ave maria",
            "Linux",
            "Flawedammyy",
            "Azorult",
            "Darkcomet",
            "Lockbit",
            "Raccoon",
            "Akira",
            "Qbot",
            "Warzone"
          ],
          "industries": [
            "Cryptocurrency",
            "Military"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 25,
  "pulses": [
    {
      "id": "67ef8acdfe632a32bd164cbc",
      "name": "Threat Intel Report - W11-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2025-05-04T07:02:31.627000",
      "created": "2025-04-04T07:31:25.772000",
      "tags": [
        "mozi",
        "germany",
        "india",
        "china",
        "grouped",
        "vietnam",
        "united kingdom",
        "singapore",
        "week",
        "group",
        "indonesia",
        "clearfake",
        "asyncrat",
        "stealc",
        "smartloader",
        "mexico",
        "remcos",
        "malware",
        "date",
        "belarus",
        "ukraine",
        "amadey",
        "lockbit",
        "linux",
        "superblack",
        "akira"
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Linux",
          "display_name": "Linux",
          "target": null
        },
        {
          "id": "SuperBlack",
          "display_name": "SuperBlack",
          "target": null
        },
        {
          "id": "Akira",
          "display_name": "Akira",
          "target": null
        },
        {
          "id": "LockBit",
          "display_name": "LockBit",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        }
      ],
      "industries": [
        "Cryptocurrency"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 21,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 91,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 51,
        "FileHash-SHA256": 117,
        "domain": 62,
        "hostname": 114
      },
      "indicator_count": 486,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "391 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "6718d5365b2f8eed9f8fa754",
      "name": "Threat Intel Report - W43-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-11-22T10:00:39.242000",
      "created": "2024-10-23T10:51:34.212000",
      "tags": [
        "mozi",
        "mozi link",
        "brazil",
        "germany",
        "singapore",
        "panama",
        "china",
        "france",
        "week",
        "turkey",
        "indonesia",
        "stealc",
        "asyncrat",
        "remcos",
        "coinminer",
        "ukraine",
        "amadey"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 27,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 46,
        "FileHash-SHA1": 46,
        "FileHash-SHA256": 117,
        "URL": 202,
        "domain": 52,
        "hostname": 75
      },
      "indicator_count": 538,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 108,
      "modified_text": "554 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "6718d3f1b2d95f85c40b2233",
      "name": "Threat Intel Report - W42-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-11-22T10:00:39.242000",
      "created": "2024-10-23T10:46:09.554000",
      "tags": [
        "mozi",
        "mozi link",
        "brazil",
        "germany",
        "singapore",
        "panama",
        "china",
        "france",
        "week",
        "turkey",
        "indonesia",
        "stealc",
        "asyncrat",
        "remcos",
        "coinminer",
        "ukraine",
        "amadey"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 27,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 46,
        "FileHash-SHA1": 46,
        "FileHash-SHA256": 117,
        "URL": 202,
        "domain": 52,
        "hostname": 75
      },
      "indicator_count": 538,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 107,
      "modified_text": "554 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "6718d3efafe0408a73fde2b6",
      "name": "Threat Intel Report - W42-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-11-22T10:00:39.242000",
      "created": "2024-10-23T10:46:07.116000",
      "tags": [
        "mozi",
        "mozi link",
        "brazil",
        "germany",
        "singapore",
        "panama",
        "china",
        "france",
        "week",
        "turkey",
        "indonesia",
        "stealc",
        "asyncrat",
        "remcos",
        "coinminer",
        "ukraine",
        "amadey"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 46,
        "FileHash-SHA1": 46,
        "FileHash-SHA256": 117,
        "URL": 202,
        "domain": 52,
        "hostname": 75
      },
      "indicator_count": 538,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 107,
      "modified_text": "554 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "6703d87eff4579a6c50ed9e6",
      "name": "Threat Intel Report - W37-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-11-06T12:02:47.328000",
      "created": "2024-10-07T12:47:58.558000",
      "tags": [
        "mozi",
        "germany",
        "brazil",
        "russia",
        "ukraine",
        "france",
        "india",
        "singapore",
        "spain",
        "week",
        "mexico",
        "remcos",
        "panama",
        "agent tesla",
        "dbatloader",
        "warzonerat",
        "formbook"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 31,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 52,
        "FileHash-SHA1": 52,
        "FileHash-SHA256": 118,
        "URL": 193,
        "domain": 8,
        "hostname": 156
      },
      "indicator_count": 579,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "570 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "6696324b10bd4d2a34d1a1a2",
      "name": "Threat Intel Report - W26-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-08-15T08:00:39.221000",
      "created": "2024-07-16T08:41:47.431000",
      "tags": [
        "mozi",
        "mozi link",
        "germany",
        "week",
        "poland",
        "canada",
        "panama",
        "urls http",
        "ukraine",
        "japan",
        "remcos",
        "formbook",
        "agent tesla",
        "asyncrat",
        "xworm"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time#a",
        "https://urlhaus.abuse.ch/browse.php?search=.exe"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 15,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 59,
        "FileHash-SHA1": 59,
        "FileHash-SHA256": 116,
        "URL": 96,
        "domain": 62,
        "hostname": 104
      },
      "indicator_count": 496,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "653 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "66434c68052cc97daee0448f",
      "name": "Threat Intel Report - W13-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-06-13T11:00:15.938000",
      "created": "2024-05-14T11:35:04.150000",
      "tags": [
        "mozi",
        "mozi link",
        "snoopy",
        "mexico",
        "russia",
        "urls https",
        "sha values",
        "file name",
        "submit date",
        "ukraine",
        "date",
        "originlogger"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 98,
        "FileHash-MD5": 64,
        "FileHash-SHA1": 64,
        "FileHash-SHA256": 123,
        "URL": 171,
        "domain": 12
      },
      "indicator_count": 532,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 107,
      "modified_text": "716 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "6643488e142fe7b1d26979ee",
      "name": "Threat Intel Report - W14-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-06-13T11:00:15.938000",
      "created": "2024-05-14T11:18:38.642000",
      "tags": [
        "mozi",
        "mozi link",
        "germany",
        "bulgaria",
        "russia",
        "japan",
        "united kingdom",
        "ireland",
        "mexico",
        "canada",
        "pikabot",
        "indonesia",
        "slovakia",
        "panama"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 94,
        "FileHash-MD5": 56,
        "FileHash-SHA1": 56,
        "FileHash-SHA256": 120,
        "URL": 181,
        "domain": 9
      },
      "indicator_count": 516,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "716 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "661dfd16f6abf8a44b155dcd",
      "name": "Threat Intel Report - W10-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-05-16T04:03:48.331000",
      "created": "2024-04-16T04:22:46.826000",
      "tags": [
        "urls http",
        "urls https",
        "sha values",
        "malware url",
        "ip address",
        "blacklist",
        "urls ftp",
        "domains"
      ],
      "references": [
        "https://urlhaus.abuse.ch/browse.php?search=.exe",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time#a"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 21,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 57,
        "FileHash-SHA1": 57,
        "FileHash-SHA256": 102,
        "URL": 112,
        "domain": 6,
        "hostname": 107
      },
      "indicator_count": 441,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "745 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    },
    {
      "id": "661d1c52125a6a360ee6f264",
      "name": "Threat Intel Report - W6-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-05-15T12:02:01.657000",
      "created": "2024-04-15T12:23:46.762000",
      "tags": [
        "urls https",
        "urls http",
        "domains",
        "sha value",
        "malware url",
        "host"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time#a",
        "https://urlhaus.abuse.ch/browse/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 16,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 125,
        "FileHash-MD5": 54,
        "FileHash-SHA1": 54,
        "FileHash-SHA256": 113,
        "domain": 7,
        "hostname": 103
      },
      "indicator_count": 456,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "745 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "cacacc25ddadeef052d7f9559e9af0db",
    "type": "Hash"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "cacacc25ddadeef052d7f9559e9af0db",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780205791.1621904
}