{ "type": "Domain", "indicator": "cldvrfd.click", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/cldvrfd.click", "alexa": "http://www.alexa.com/siteinfo/cldvrfd.click", "indicator": "cldvrfd.click", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4249321787, "indicator": "cldvrfd.click", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 45, "pulses": [ { "id": "69bbbb60a8390fc9a5e0e715", "name": "EbeeMar2026 Pt4", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-04-18T08:06:12.483000", "created": "2026-03-19T09:01:20.593000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "email", "xdsfeerdfbn", "chlg url" ], "references": [ "IOCs.2026.4.csv" ], "public": 1, "adversary": "Operation GhostMail, CastleRAT, UNK_NightOwl, Fake Shipment Tracking Scams in MEA, Fake Claude Code ", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 77, "FileHash-MD5": 122, "FileHash-SHA1": 103, "FileHash-SHA256": 164, "CVE": 25, "URL": 58, "domain": 107, "email": 30 }, "indicator_count": 686, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "42 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69baa7b58b52ce8d9c292a05", "name": "HellsUchecker: ClickFix to blockchain-backed backdoor", "description": "HellsUchecker is a sophisticated native x64 backdoor, measuring 28 KB, known for its complex 10-stage attack chain that begins with a deceptive ClickFix lure, resembling a Cloudflare CAPTCHA, and culminates in a memory-resident payload that communicates with its command and control (C2) server over HTTPS.\n\nThe initial stage directs victims to a phishing page, http://h01-captcha.sbs, which replicates a legitimate CAPTCHA interface. Upon interaction, it prompts users to execute a malicious command line, facilitated by a clipboard payload that runs the legitimate Windows utility \"finger.exe\" on port 79. This utility fetches malicious commands hidden in a crafted .plan file from a malicious server. The payload then employs a series of instructions to disable the desktop's explorer.exe, download a legitimate Python embed package disguised as a PDF, and execute a secondary payload via a base64-encoded script.", "modified": "2026-04-17T13:02:58.639000", "created": "2026-03-18T13:25:09.956000", "tags": [ "backdoor", "blockchain", "etherhiding", "malware", "reverseengineering", "clickfix", "apis", "msbuild", "domain group", "peb walk", "python", "winhttp", "pe loader", "c2 server", "hell", "smart contract", "gate", "avalanche", "february", "august", "virustotal", "sandbox", "ukraine", "belarus", "armenia", "syscall", "cleanup", "shellcode", "date", "apache", "hosts", "global domain", "amos", "nist", "webcache", "odyssey", "kaspersky", "keccak256", "ethereum", "hellsuchecker", "eazfuscator" ], "references": [ "https://www.derp.ca/research/hellsuchecker-clickfix-etherhiding/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HellsUchecker", "display_name": "HellsUchecker", "target": null } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1055.012", "name": "Process Hollowing", "display_name": "T1055.012 - Process Hollowing" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.006", "name": "Python", "display_name": "T1059.006 - Python" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA256": 5, "URL": 7, "domain": 8, "email": 1, "hostname": 11 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "43 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b6bc1ac1d9a90e385ca92a", "name": "Payload_Delivery | Mar 16, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 16, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-15T14:03:05.683000", "created": "2026-03-15T14:03:05.683000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 89, "hostname": 195, "URL": 79, "FileHash-SHA256": 9 }, "indicator_count": 372, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "76 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b56a84f14760edc6870528", "name": "Payload_Delivery | Mar 15, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 15, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-14T14:02:44.275000", "created": "2026-03-14T14:02:44.275000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1171, "domain": 366, "URL": 300, "FileHash-MD5": 115, "FileHash-SHA256": 33, "FileHash-SHA1": 14 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "77 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b41a97bb607b6513f81335", "name": "Payload_Delivery | Mar 14, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 14, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-13T14:09:27.029000", "created": "2026-03-13T14:09:27.029000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 268, "hostname": 1133, "domain": 333, "FileHash-SHA256": 64, "FileHash-MD5": 151, "FileHash-SHA1": 50 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "78 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b2d0ea8d97c8719be9ca20", "name": "Payload_Delivery | Mar 13, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 13, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-12T14:42:50.661000", "created": "2026-03-12T14:42:50.661000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 1140, "URL": 217, "FileHash-MD5": 172, "FileHash-SHA256": 85, "FileHash-SHA1": 74 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "79 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b0287b046ea9dcc7db5492", "name": "Payload_Delivery | Mar 11, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 11, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-10T14:19:39.302000", "created": "2026-03-10T14:19:39.302000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1123, "domain": 308, "URL": 266, "FileHash-SHA256": 106, "FileHash-MD5": 100, "FileHash-SHA1": 95 }, "indicator_count": 1998, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "81 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69af0ab1fd5d4b3ef92ea811", "name": "PreCog Sweep - 2026-03-09 18h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T18:00:17.355000", "created": "2026-03-09T18:00:17.355000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 197, "domain": 86, "URL": 110 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69af03a73410ac4c38bafc54", "name": "PreCog Sweep - 2026-03-09 17h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T17:30:14.993000", "created": "2026-03-09T17:30:14.993000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 192, "domain": 85, "URL": 116 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aefca0934c0f8132a4548b", "name": "PreCog Sweep - 2026-03-09 17h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T17:00:16.565000", "created": "2026-03-09T17:00:16.565000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 188, "URL": 121, "domain": 84 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aef597006fdd0f419f0782", "name": "PreCog Sweep - 2026-03-09 16h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T16:30:15.764000", "created": "2026-03-09T16:30:15.764000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 185, "URL": 123, "domain": 85 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aeee93c59584cc777f7054", "name": "PreCog Sweep - 2026-03-09 16h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T16:00:18.981000", "created": "2026-03-09T16:00:18.981000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 126, "domain": 90, "hostname": 185 }, "indicator_count": 401, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aee78a76778a4ec1d35403", "name": "PreCog Sweep - 2026-03-09 15h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T15:30:18.502000", "created": "2026-03-09T15:30:18.502000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 191, "URL": 116, "domain": 100 }, "indicator_count": 407, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aee08496b21230b0fbcb3a", "name": "PreCog Sweep - 2026-03-09 15h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T15:00:20.071000", "created": "2026-03-09T15:00:20.071000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 187, "URL": 117, "domain": 102 }, "indicator_count": 406, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aed97a141effd159331b78", "name": "PreCog Sweep - 2026-03-09 14h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T14:30:18.088000", "created": "2026-03-09T14:30:18.088000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 179, "URL": 118, "domain": 109 }, "indicator_count": 406, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aed5f47baf25a1d6c8b3dc", "name": "Payload_Delivery | Mar 10, 2026", "description": "Payload_Delivery indicators. Date: Mar 10, 2026. Total: 1915 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-09T14:15:16.856000", "created": "2026-03-09T14:15:16.856000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 928, "domain": 296, "URL": 260, "FileHash-SHA256": 147, "FileHash-MD5": 141, "FileHash-SHA1": 137 }, "indicator_count": 1909, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aed2710aa8accccce8f51d", "name": "PreCog Sweep - 2026-03-09 14h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T14:00:17.657000", "created": "2026-03-09T14:00:17.657000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 178, "domain": 109, "URL": 117 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aecb697ad8228e7046d52f", "name": "PreCog Sweep - 2026-03-09 13h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T13:30:17.102000", "created": "2026-03-09T13:30:17.102000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 175, "domain": 110, "URL": 118 }, "indicator_count": 403, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aec461c035f349e53b8820", "name": "PreCog Sweep - 2026-03-09 13h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T13:00:17.877000", "created": "2026-03-09T13:00:17.877000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 172, "domain": 111, "URL": 119 }, "indicator_count": 402, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aebd5a3a607dae3e4d3a5a", "name": "PreCog Sweep - 2026-03-09 12h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T12:30:18.306000", "created": "2026-03-09T12:30:18.306000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 175, "domain": 111, "URL": 121 }, "indicator_count": 407, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aeb65552e10d13e4f60a3d", "name": "PreCog Sweep - 2026-03-09 12h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T12:00:21.013000", "created": "2026-03-09T12:00:21.013000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 183, "URL": 123, "domain": 110 }, "indicator_count": 416, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aea842102e4f7175cd475d", "name": "PreCog Sweep - 2026-03-09 11h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T11:00:18.854000", "created": "2026-03-09T11:00:18.854000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 127, "domain": 111, "hostname": 179 }, "indicator_count": 417, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aea1390dbfd51c47ad3dec", "name": "PreCog Sweep - 2026-03-09 10h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T10:30:16.755000", "created": "2026-03-09T10:30:16.755000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 181, "domain": 109, "URL": 124 }, "indicator_count": 414, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae9a33423cda6d00ba712b", "name": "PreCog Sweep - 2026-03-09 10h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T10:00:19.603000", "created": "2026-03-09T10:00:19.603000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 188, "domain": 108, "URL": 123 }, "indicator_count": 419, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae9327096926f97bd97977", "name": "PreCog Sweep - 2026-03-09 09h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T09:30:15.530000", "created": "2026-03-09T09:30:15.530000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 195, "URL": 124, "domain": 107 }, "indicator_count": 426, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae8c1fa8e3acca6516d8f7", "name": "PreCog Sweep - 2026-03-09 09h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T09:00:15.712000", "created": "2026-03-09T09:00:15.712000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 209, "domain": 109, "URL": 100 }, "indicator_count": 418, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae8516c0e1e259dfa2a519", "name": "PreCog Sweep - 2026-03-09 08h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T08:30:14.558000", "created": "2026-03-09T08:30:14.558000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 98, "hostname": 224, "domain": 102 }, "indicator_count": 424, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae7e0f86761a7bba2efde1", "name": "PreCog Sweep - 2026-03-09 08h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T08:00:15.075000", "created": "2026-03-09T08:00:15.075000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 104, "hostname": 240, "domain": 92 }, "indicator_count": 436, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae770637ff42527820099e", "name": "PreCog Sweep - 2026-03-09 07h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T07:30:14.209000", "created": "2026-03-09T07:30:14.209000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 94, "URL": 97, "hostname": 244 }, "indicator_count": 435, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae6fff4ae5f0737bd13cb7", "name": "PreCog Sweep - 2026-03-09 07h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T07:00:15.634000", "created": "2026-03-09T07:00:15.634000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 245, "domain": 92, "URL": 97 }, "indicator_count": 434, "is_author": false, "is_subscribing": null, "subscriber_count": 192, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae68f79fc56680f7f706cd", "name": "PreCog Sweep - 2026-03-09 06h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T06:30:15.486000", "created": "2026-03-09T06:30:15.486000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 244, "domain": 91, "URL": 96 }, "indicator_count": 431, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae61ee16dd04a614de57d6", "name": "PreCog Sweep - 2026-03-09 06h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T06:00:14.292000", "created": "2026-03-09T06:00:14.292000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 244, "URL": 95, "domain": 91 }, "indicator_count": 430, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae5ae641c800cee5e17672", "name": "PreCog Sweep - 2026-03-09 05h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T05:30:14.747000", "created": "2026-03-09T05:30:14.747000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 243, "URL": 95, "domain": 92 }, "indicator_count": 430, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae53e0d403df7b73de4fd2", "name": "PreCog Sweep - 2026-03-09 05h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T05:00:16.289000", "created": "2026-03-09T05:00:16.289000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 243, "URL": 95, "domain": 92 }, "indicator_count": 430, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae4cd6d5fd4f95eda29a25", "name": "PreCog Sweep - 2026-03-09 04h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T04:30:14.958000", "created": "2026-03-09T04:30:14.958000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 244, "URL": 95, "domain": 92 }, "indicator_count": 431, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae45ce2f3406ffc785f714", "name": "PreCog Sweep - 2026-03-09 04h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T04:00:14.343000", "created": "2026-03-09T04:00:14.343000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 92, "hostname": 251, "URL": 96 }, "indicator_count": 439, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae3ec6182b78cf52c29c43", "name": "PreCog Sweep - 2026-03-09 03h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T03:30:14.729000", "created": "2026-03-09T03:30:14.729000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 92, "hostname": 251, "URL": 96 }, "indicator_count": 439, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae37bf9b8e6335bbbccce0", "name": "PreCog Sweep - 2026-03-09 03h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T03:00:15.001000", "created": "2026-03-09T03:00:15.001000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 253, "domain": 90, "URL": 96 }, "indicator_count": 439, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae30b77b65b44f4c32fd5f", "name": "PreCog Sweep - 2026-03-09 02h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T02:30:15.918000", "created": "2026-03-09T02:30:15.918000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 251, "domain": 90, "URL": 97 }, "indicator_count": 438, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae29aef6d95012b273972c", "name": "PreCog Sweep - 2026-03-09 02h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T02:00:14.693000", "created": "2026-03-09T02:00:14.693000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 248, "domain": 92, "URL": 97 }, "indicator_count": 437, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae22a6e9084c50b45da7dd", "name": "PreCog Sweep - 2026-03-09 01h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T01:30:14.362000", "created": "2026-03-09T01:30:14.362000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 244, "domain": 92, "URL": 97 }, "indicator_count": 433, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae1b9e2ba2522eb3ed512f", "name": "PreCog Sweep - 2026-03-09 01h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T01:00:14.801000", "created": "2026-03-09T01:00:14.801000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 244, "domain": 89, "URL": 97 }, "indicator_count": 430, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae1496a7e0015a92c550ed", "name": "PreCog Sweep - 2026-03-09 00h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T00:30:14.228000", "created": "2026-03-09T00:30:14.228000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 244, "domain": 89, "URL": 97 }, "indicator_count": 430, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae0d8f9fd6b2fff448d023", "name": "PreCog Sweep - 2026-03-09 00h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T00:00:15.411000", "created": "2026-03-09T00:00:15.411000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 93, "hostname": 249, "URL": 97 }, "indicator_count": 439, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ae0686ed3191677ea96892", "name": "PreCog Sweep - 2026-03-08 23h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-08T23:30:14.517000", "created": "2026-03-08T23:30:14.517000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 79, "hostname": 266, "domain": 89 }, "indicator_count": 434, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "83 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "IOCs.2026.4.csv", "https://github.com/pduggusa/dugganusa-research", "https://ltna.com.au/cyber", "https://www.derp.ca/research/hellsuchecker-clickfix-etherhiding/", "https://analytics.dugganusa.com/api/v1/stix/master" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Operation GhostMail, CastleRAT, UNK_NightOwl, Fake Shipment Tracking Scams in MEA, Fake Claude Code " ], "malware_families": [ "Hellsuchecker" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 45, "pulses": [ { "id": "69bbbb60a8390fc9a5e0e715", "name": "EbeeMar2026 Pt4", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-04-18T08:06:12.483000", "created": "2026-03-19T09:01:20.593000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "email", "xdsfeerdfbn", "chlg url" ], "references": [ "IOCs.2026.4.csv" ], "public": 1, "adversary": "Operation GhostMail, CastleRAT, UNK_NightOwl, Fake Shipment Tracking Scams in MEA, Fake Claude Code ", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 77, "FileHash-MD5": 122, "FileHash-SHA1": 103, "FileHash-SHA256": 164, "CVE": 25, "URL": 58, "domain": 107, "email": 30 }, "indicator_count": 686, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "42 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69baa7b58b52ce8d9c292a05", "name": "HellsUchecker: ClickFix to blockchain-backed backdoor", "description": "HellsUchecker is a sophisticated native x64 backdoor, measuring 28 KB, known for its complex 10-stage attack chain that begins with a deceptive ClickFix lure, resembling a Cloudflare CAPTCHA, and culminates in a memory-resident payload that communicates with its command and control (C2) server over HTTPS.\n\nThe initial stage directs victims to a phishing page, http://h01-captcha.sbs, which replicates a legitimate CAPTCHA interface. Upon interaction, it prompts users to execute a malicious command line, facilitated by a clipboard payload that runs the legitimate Windows utility \"finger.exe\" on port 79. This utility fetches malicious commands hidden in a crafted .plan file from a malicious server. The payload then employs a series of instructions to disable the desktop's explorer.exe, download a legitimate Python embed package disguised as a PDF, and execute a secondary payload via a base64-encoded script.", "modified": "2026-04-17T13:02:58.639000", "created": "2026-03-18T13:25:09.956000", "tags": [ "backdoor", "blockchain", "etherhiding", "malware", "reverseengineering", "clickfix", "apis", "msbuild", "domain group", "peb walk", "python", "winhttp", "pe loader", "c2 server", "hell", "smart contract", "gate", "avalanche", "february", "august", "virustotal", "sandbox", "ukraine", "belarus", "armenia", "syscall", "cleanup", "shellcode", "date", "apache", "hosts", "global domain", "amos", "nist", "webcache", "odyssey", "kaspersky", "keccak256", "ethereum", "hellsuchecker", "eazfuscator" ], "references": [ "https://www.derp.ca/research/hellsuchecker-clickfix-etherhiding/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HellsUchecker", "display_name": "HellsUchecker", "target": null } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1055.012", "name": "Process Hollowing", "display_name": "T1055.012 - Process Hollowing" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.006", "name": "Python", "display_name": "T1059.006 - Python" }, { "id": "T1070.004", "name": "File Deletion", "display_name": "T1070.004 - File Deletion" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA256": 5, "URL": 7, "domain": 8, "email": 1, "hostname": 11 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "43 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b6bc1ac1d9a90e385ca92a", "name": "Payload_Delivery | Mar 16, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 16, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-15T14:03:05.683000", "created": "2026-03-15T14:03:05.683000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 89, "hostname": 195, "URL": 79, "FileHash-SHA256": 9 }, "indicator_count": 372, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "76 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b56a84f14760edc6870528", "name": "Payload_Delivery | Mar 15, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 15, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-14T14:02:44.275000", "created": "2026-03-14T14:02:44.275000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1171, "domain": 366, "URL": 300, "FileHash-MD5": 115, "FileHash-SHA256": 33, "FileHash-SHA1": 14 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "77 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b41a97bb607b6513f81335", "name": "Payload_Delivery | Mar 14, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 14, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-13T14:09:27.029000", "created": "2026-03-13T14:09:27.029000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 268, "hostname": 1133, "domain": 333, "FileHash-SHA256": 64, "FileHash-MD5": 151, "FileHash-SHA1": 50 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "78 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b2d0ea8d97c8719be9ca20", "name": "Payload_Delivery | Mar 13, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 13, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-12T14:42:50.661000", "created": "2026-03-12T14:42:50.661000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 1140, "URL": 217, "FileHash-MD5": 172, "FileHash-SHA256": 85, "FileHash-SHA1": 74 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "79 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b0287b046ea9dcc7db5492", "name": "Payload_Delivery | Mar 11, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 11, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-10T14:19:39.302000", "created": "2026-03-10T14:19:39.302000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1123, "domain": 308, "URL": 266, "FileHash-SHA256": 106, "FileHash-MD5": 100, "FileHash-SHA1": 95 }, "indicator_count": 1998, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "81 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69af0ab1fd5d4b3ef92ea811", "name": "PreCog Sweep - 2026-03-09 18h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T18:00:17.355000", "created": "2026-03-09T18:00:17.355000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 197, "domain": 86, "URL": 110 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69af03a73410ac4c38bafc54", "name": "PreCog Sweep - 2026-03-09 17h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T17:30:14.993000", "created": "2026-03-09T17:30:14.993000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 192, "domain": 85, "URL": 116 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aefca0934c0f8132a4548b", "name": "PreCog Sweep - 2026-03-09 17h", "description": "Novel threat indicators detected by PreCog Sweep Engine", "modified": "2026-03-09T17:00:16.565000", "created": "2026-03-09T17:00:16.565000", "tags": [ "precog", "automated", "novel-ioc", "c2", "malware" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix/master", "https://github.com/pduggusa/dugganusa-research" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 188, "URL": 121, "domain": 84 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "82 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "cldvrfd.click", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "cldvrfd.click", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780210703.9772167 }