{ "type": "Domain", "indicator": "check.office365-update.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/check.office365-update.com", "alexa": "http://www.alexa.com/siteinfo/check.office365-update.com", "indicator": "check.office365-update.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": {}, "pulse_info": { "count": 0, "pulses": [], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "69f3a95eda9a5492f5d1b6f4", "name": "Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia", "description": "A China-aligned threat group designated SHADOW-EARTH-053 has been conducting cyberespionage operations against government entities and critical infrastructure across at least eight countries in South, East, and Southeast Asia, plus one NATO member state, since December 2024. The group exploits unpatched Microsoft Exchange vulnerabilities, particularly the ProxyLogon chain, to gain initial access and deploys GODZILLA web shells for persistence. ShadowPad implants are staged via DLL sideloading of legitimate signed executables. Nearly half of the compromised environments showed overlap with another intrusion set, SHADOW-EARTH-054, sharing identical tooling including Evil-CreateDump and IOX proxy. The attackers conduct extensive Active Directory reconnaissance, credential harvesting, and mailbox exfiltration targeting high-profile government officials and defense contractors. Multiple tunneling tools including GOST and Wstunnel establish covert command-and-control channels, while lateral movement leverages WM...", "author_name": "AlienVault", "modified": "2026-05-29T11:41:05.107000", "created": "2026-04-30T19:11:26.525000", "revision": 3, "tlp": "white", "public": 1, "adversary": "SHADOW-EARTH-053", "indicators": [ { "id": 2881717445, "indicator": "CVE-2021-26858", "type": "CVE", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 2881717446, "indicator": "CVE-2021-26855", "type": "CVE", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 2881717447, "indicator": "CVE-2021-27065", "type": "CVE", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 2881717448, "indicator": "CVE-2021-26857", "type": "CVE", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 3989678070, "indicator": "2616e7ec2d6c4b86a7fa1f4a762ae918", "type": "FileHash-MD5", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 3989678096, "indicator": "e1bcf36ed2f7a60dd0dde52abf11c942e2657e31", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 3989678103, "indicator": "23c2ebc8f9bac96b2fbbb9b00b457c48d65a9f66ec24fbfba339eeefd0539ad7", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4041185515, "indicator": "zimbra-beta.info", "type": "domain", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4157551390, "indicator": "CVE-2025-55182", "type": "CVE", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4158983127, "indicator": "194.38.11.3", "type": "IPv4", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": "2026-05-30T19:00:00", "is_active": 1, "role": null }, { "id": 4160394006, "indicator": "check.office365-update.com", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4237413818, "indicator": "0c63857269205f6505c259a56ea53b23b2bf7432aabb8647d59b321232ca7e36", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4262501952, "indicator": "96.9.125.227", "type": "IPv4", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": "2026-05-30T19:00:00", "is_active": 1, "role": null }, { "id": 4275699032, "indicator": "nslookup.dnserver.life", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4275699035, "indicator": "router.dnserver.life", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935395, "indicator": "0933fbd16c7a8b70199f5612e147a22c", "type": "FileHash-MD5", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935396, "indicator": "531da3715b1e4fc9baeaa034888ac419", "type": "FileHash-MD5", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935397, "indicator": "a85459a1ec90a52b5c1f2f5a12bb2d10", "type": "FileHash-MD5", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935398, "indicator": "128f3ad395f86be6569ef2a957d42902a910de6c", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935399, "indicator": "211e1fc502152ea272edb5a81a5b4405a28c48f9", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935400, "indicator": "2dc1ad07b7529af3ba5c11a58519681909971a81", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935401, "indicator": "2dd614427b80cdd38e8bbe0ace24a484671c0da2", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935402, "indicator": "31b3dd9ee46805b0ed6e6dd6a5ee17facadfd2ff", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935403, "indicator": "3229ba46dd54802093c81e6e2123fd1520faf960", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935404, "indicator": "35cc0b684b0906aed9d672a1a8635510fe91aa67", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935405, "indicator": "36061be6ccd17e87e3d1ef15f8e7058f279439d1", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935406, "indicator": "3f858c007d4d49dd7fa260bcc786c34d4f78dbf5", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935407, "indicator": "4541e55b70ca12ae4a79e38c0b4c31f067eb5cdc", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935408, "indicator": "579bc9a640ac939b1f75eda852815f063cebd332", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935409, "indicator": "824f13f758ce278f72a4aeaf1e15a703d5107dd7", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935410, "indicator": "861a686461ad830b268977808ba56730616c7684", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935411, "indicator": "8a5ac2682d70eacff7eb554e242227c82e2baa94", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935412, "indicator": "9244cd99a27a8741a78e0b449cea063fdcfb0090", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935413, "indicator": "95015643ecb3ba321b8cff8eca2907e5356e8659", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935414, "indicator": "9a83466f6c34e588ba3e99d6cbfac0102e173cdd", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935415, "indicator": "ac7ffce58c70fb9f837e11a44d655d6c28e276f5", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935416, "indicator": "b8d586d376b342b08b3dd8a77c788480e025ad12", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935417, "indicator": "ebfd92291714e6d7e57cf4830aa8f87950b796bb", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935418, "indicator": "ec38a56f9368eac67106a4ad61538e12053f03d1", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935419, "indicator": "03a89ea5a8604e8bc09a4249211e20404a2c7047adda65a57deeb46abb1fb116", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935420, "indicator": "0c8c562ed7343d28c76d93a88bd0534440d0e71292ebcee66314d6d5c2f34403", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935421, "indicator": "0eb72c1f1605d999488d903021d82a9ff4b937e6c1a1da50c55440f018e83ad9", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935422, "indicator": "0eda83335334d3c877578326a5843d3e2a3b745834de27eac00b694262e2b1ed", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935423, "indicator": "0fff684fa209cb79ab1104da3cfbbf4c950078e14e54c2564d130abbd4e464a9", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935424, "indicator": "165cc3a9a40e04c469e5c818943920f38dc48db2c2365f1a71bb52c9582f0ea9", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935425, "indicator": "188c72b101cd8ad96ef971e8943bddb3acd9dc45fe1d8719217d171e600a29aa", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935426, "indicator": "1a5da90175ff7b55ddafcdb816adf574b92a112604019b219d82adab820fb3a2", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935427, "indicator": "26f4c7f37448911310adf20e6e74aac60e92b97591f4ac9e5e21cc503be8da16", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935428, "indicator": "2dd93edc8cc64747a7ca94b6827dc4e5b1e385d493ed4450272dd1dfc52a6255", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935429, "indicator": "3dffbfcb825a70e477474e88b18679557ef467de37fc26e45ddbe572f520c52a", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935430, "indicator": "3f6382418d0137f6ecbef23bfd981938bb86a935b27203f5b053e3710e835f97", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935431, "indicator": "4173c218efe31a6b36df714cf4e1073696f3acbe7edd1b7fcba01e4a2d923a27", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935432, "indicator": "41f74c3fc32752b5c7b88e7a5723441cb827958bc21b647fffae469407f1ce99", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935433, "indicator": "4f77b4fcfde7abb7e6d0e36104e433abfed3a9d9938bf7fbe0e9d1a0b2ccf265", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935434, "indicator": "55e929971a7975c7f9dfa4d677d5ec357af23a4ca208ef8f920804743e9011cd", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935435, "indicator": "5bf35daaf26508fc136157818ead48cc5c7fa3a3e6273cde2c757673586a78a6", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935436, "indicator": "5eb2122c4c645543966b07b94faccb5b4697561163382f21fb3b793b0d5cc9fe", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935437, "indicator": "75d0d5080afd091114818d082babc418ccb43d545d9fda1fb715af6c129b6e51", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935438, "indicator": "83e9f99a377566cf30df0ad71ca8522613b14d45e3e2eaead4a336509d26bef3", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935439, "indicator": "884601e54fc2e6833167d33436b68e952020cdb99507b2807feec1bc086027c2", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935440, "indicator": "8df8282da75ebe6cf1a535739991e3f298f903974a05966503d7fd2919ecea4e", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935441, "indicator": "97ea803792929f802388e9d0e75a3c79c28260d589bc2d87902c73c729ed6f9e", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935442, "indicator": "996fb4f7d1b3150490380c4ce9c7c3d60fac33bd6a7c1e3a46487021964cf3bb", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935443, "indicator": "9dda789b85fce6294f91a79b7271a93de36dfcef21fc680dc2bf4235141e47df", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935444, "indicator": "a5477ff2b3d6d475558abf03878dff0cca98c20c17aae35a8ad8e99e03293f89", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935445, "indicator": "a65483b86847995a67de0fcb2a5487cdbc96361cb2e9dea8ab74005c8fef65ce", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935446, "indicator": "b8a2a9ca58fb2b383a52f8be75cae44f08f2c3f8907bd8661ee8a4a78fd7dda3", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935447, "indicator": "c935ded2729f0513672e261170d73d4e0e13a9b837f104d840c44a39b84c0d71", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935448, "indicator": "d083b6d82765faffe738ebd0678c8eb01c1f1fac8d3c51ffdfe40e34da3ce902", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935449, "indicator": "e12c2682a7949661fa99bf46723a1405c658d109411de3bf6cb04c57337cc020", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935450, "indicator": "eff699456ed4c5938d53afdb8df0836d7cb953ed933ed1a2899ec43f6f9e540b", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935451, "indicator": "f19a67b9c8805b335676f0fc17495839327f8135f791aa11d5d9adba2c83cc1c", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935452, "indicator": "f43748a809680a23272ec684a8cce9af071ad165c3b01acdcd7fe501a0949745", "type": "FileHash-SHA256", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935453, "indicator": "microsi0ft.com", "type": "domain", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935454, "indicator": "zimbra.life", "type": "domain", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935455, "indicator": "cert.kaspersky.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935456, "indicator": "check.dnsmaps.com", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935457, "indicator": "dns.dnserver.life", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935458, "indicator": "dns.dnsmap.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935459, "indicator": "erp.kaspersky.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935460, "indicator": "news.kaspersky.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935461, "indicator": "ns1.group-ib.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935462, "indicator": "ns1.kaspersky.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935463, "indicator": "ns2.group-ib.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935464, "indicator": "ns2.kaspersky.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935465, "indicator": "time.microsofttrends.com", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935466, "indicator": "update.kaspersky.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935467, "indicator": "ww12.dnserver.life", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935468, "indicator": "www.group-ib.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935469, "indicator": "www.kaspersky.icu", "type": "hostname", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935470, "indicator": "7c698dd4090564b179309c2a64266424", "type": "FileHash-MD5", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935471, "indicator": "e5e0e0c0fadacee1105bd340fa1b2e6d", "type": "FileHash-MD5", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935472, "indicator": "82eb4b752c60b99b451f7a53b8ac856afe9deb88", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 4336935473, "indicator": "c2870caa5f016822fdaf16e3c470f96eefd4b93f", "type": "FileHash-SHA1", "created": "2026-04-30T19:11:27", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null } ], "tags": [ "vshell", "proxylogon exploitation", "godzilla", "exchange server compromise", "ringq", "godzilla webshell", "shadowpad", "noodlerat" ], "targeted_countries": [ "British Indian Ocean Territory", "India", "Malaysia", "Myanmar", "Pakistan", "Poland", "Sri Lanka", "Taiwan", "Thailand" ], "malware_families": [ "GODZILLA", "ShadowPad - S0596", "POISONPLUG.SHADOW", "NOODLERAT", "RingQ", "IOX", "VShell" ], "attack_ids": [ "T1053.005", "T1560.001", "T1047", "T1003.002", "T1087.002", "T1190", "T1021.002", "T1505.003", "T1021.006", "T1003.001", "T1041", "T1078", "T1027", "T1114.002", "T1071.001", "T1018", "T1574.002", "T1003.006", "T1090.001" ], "references": [ "https://www.trendmicro.com/en_us/research/26/d/inside-shadow-earth-053.html" ], "industries": [ "Government", "Defense", "Technology", "Transportation" ], "extract_source": [], "more_indicators": false, "indicator_count": 94 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "check.office365-update.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "check.office365-update.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780169840.4751246 }