{ "type": "Domain", "indicator": "codeberg.org", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/codeberg.org", "alexa": "http://www.alexa.com/siteinfo/codeberg.org", "indicator": "codeberg.org", "type": "domain", "type_title": "Domain", "validation": [ { "source": "majestic", "message": "Whitelisted domain codeberg.org", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3662356288, "indicator": "codeberg.org", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 13, "pulses": [ { "id": "6a03d30ebc255def6c27747a", "name": "Twitter Feed - thomasklemenc - 12-05-2026", "description": "", "modified": "2026-05-13T01:25:34.534000", "created": "2026-05-13T01:25:34.534000", "tags": [ "RAT", "malware" ], "references": [ "https://x.com/thomasklemenc/status/2052715025450598904" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "domain": 5, "IPv4": 1, "FileHash-SHA256": 1 }, "indicator_count": 15, "is_author": false, "is_subscribing": null, "subscriber_count": 1624, "modified_text": "18 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69787dfb890a7099f344356f", "name": "Emergency Patch Released for Microsoft Office Zero - Day Vulnerability", "description": "A recently discovered zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509, has prompted an out-of-band security patch from Microsoft. This high-severity vulnerability carries a CVSS score of 7.8 out of 10.0 and is described as a security feature bypass in Microsoft Office, allowing unauthorized attackers to bypass a security feature locally. The vulnerability affects Microsoft Office 2016 and 2019, as well as Microsoft 365, and can be exploited by sending a specially crafted Of...", "modified": "2026-01-27T08:57:31.646000", "created": "2026-01-27T08:57:31.646000", "tags": [ "initial-access", "execution", "privilege-escalation", "T1190", "T1204", "high", "vta", "threat-intelligence" ], "references": [ "https://www.cisa.gov/news-events/alerts/2026/01/26/cisa-adds-five-known-exploited-vulnerabilities-catalog", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CODERED_VTA", "id": "349568", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_349568/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 20, "FileHash-SHA1": 4, "FileHash-SHA256": 1, "domain": 12, "hostname": 15 }, "indicator_count": 52, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "123 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6889153bb756c703bd61c97d", "name": "Calisto - APT - 07.29.25 - UA ChromeBook Retro", "description": "Maldoc Calisto - 03.17.23\nRetroanalysis of a simple test to demonstrate a point (had some extensions to capture data). Borrowed a Google Chromebook From University of Alberta & signed in to my CCID on Campus with the Chromebook provided by Office of DOS (provided to them by 'offside IT'. Chromebook did not do so well. Returned. \n\nMAL_PDF_Calisto_PDF_Streams_Jul_09 (Threatzone)\nThis supports findings from Beehive Security who later blocked Calisto/Callisto with their MDR Solution.", "modified": "2025-09-03T00:22:10.750000", "created": "2025-07-29T18:38:51.647000", "tags": [ "triage", "malware", "analysis", "report", "reported", "analyze", "sandbox", "download submit", "sha512", "sha1", "filesize", "sha256", "file", "token", "prefetch8", "prefetch1", "dataprofile", "general", "config", "download", "copy", "target", "defense", "generic", "impact", "virus", "trojan", "ransomware", "static", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "platform", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "switch", "inquest labs", "resources api", "notes supported", "cve list", "drop your", "service", "privacy policy", "found url", "ck id", "details found", "ingress tool", "transfer", "t1105", "details url", "t1571", "pdf found", "found", "contentparse", "externalparser", "woff2", "inputfile", "domainresolve", "u200c200d", "u25cc", "ioc value", "Callisto", "Maldoc", "UAlberta", "U of A", "Chromebook", "Microsoft", "Google", "Telus", "Calisto", "APT" ], "references": [ "https://tria.ge/250729-wr59yabk7y/behavioral2", "https://www.filescan.io/uploads/68890e2dc79df08ef097cd38/reports/06923db6-30ae-455f-8026-73461cc1472e/overview", "https://hybrid-analysis.com/sample/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://metadefender.com/results/file/YTI1MDcyOXl4LTdxa1I5ZlVJNGVsWTRUS2kz_mdaas", "https://polyswarm.network/scan/results/file/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce", "https://app.threat.zone/submission/5879c4fe-ce35-45c3-8a3c-e8c06d0e2b2d/overview", "https://tip.neiki.dev/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://www.virustotal.com/gui/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://www.virustotal.com/gui/file-analysis/MTllN2NiNTVkMGQ1MTYzNGY0OTg4MGY2MmRiYmNjYzg6MTc1MzgxNDIzNQ==", "https://vtbehaviour.commondatastorage.googleapis.com/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1753815427&Signature=BM1MWONwwKd011yMi5XzJJHo01QYs0qWdERlFPM9BGS4OW62YRzI4FX6aMwA6MgQB2eLDnMBjwIYw2ct1yC2HAzJ82eh6VqtBu%2BiE6lObCQjjON9nx29EKx9dGSRLewI3Zjpp7Kbokc%2FIKEh40ZNmeXNc4aCsECY%2Fwq9FQOmT2vm8Bi6IHzZNBMT3srLRZsr%2Bo36MP6ckdybeglLLnb9LA5iEOYbMBMEq6HxMj%2BfLIssDjKInHz7", "https://hybrid-analysis.com/sample/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce/6889105954703efa4303f7c7", "https://malpedia.caad.fkie.fraunhofer.de/actor/callisto" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Netherlands" ], "malware_families": [ { "id": "MAL_PDF_Calisto_PDF_Streams_Jul_09", "display_name": "MAL_PDF_Calisto_PDF_Streams_Jul_09", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [ "Education", "Technology", "Healthcare", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6319, "CIDR": 11, "CVE": 9, "FileHash-MD5": 323, "FileHash-SHA1": 260, "FileHash-SHA256": 292, "domain": 596, "email": 37, "hostname": 806 }, "indicator_count": 8653, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "270 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "685de91c4badcbe0170cfa6d", "name": "Twitter Feed - skocherhan - 26-06-2025", "description": "", "modified": "2025-07-27T00:03:18.883000", "created": "2025-06-27T00:43:08.403000", "tags": [ "AsyncRAT" ], "references": [ "https://x.com/skocherhan/status/1938268462742126877", "https://x.com/skocherhan/status/1938325482698903668", "https://x.com/skocherhan/status/1938327287415640302", "https://x.com/skocherhan/status/1938330429603647944" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 10, "domain": 10 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "308 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681407cc8e3d56c88c7c10e5", "name": "Twitter Feed - malwrhunterteam - 01-05-2025", "description": "", "modified": "2025-05-31T23:01:47.796000", "created": "2025-05-01T23:46:20.940000", "tags": [], "references": [ "https://x.com/malwrhunterteam/status/1917543861972328830", "https://x.com/malwrhunterteam/status/1917838335164195058", "https://x.com/malwrhunterteam/status/1917853146208166313", "https://x.com/malwrhunterteam/status/1917863429186150802", "https://x.com/malwrhunterteam/status/1917871330289909958", "https://x.com/malwrhunterteam/status/1917925907446088075", "https://x.com/malwrhunterteam/status/1918041425905647846", "https://x.com/malwrhunterteam/status/1918051636393513129", "https://x.com/malwrhunterteam/status/1918056452108804448", "https://x.com/malwrhunterteam/status/1918057946124001752" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 10, "FileHash-SHA256": 9, "domain": 5, "hostname": 1 }, "indicator_count": 25, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "364 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681d43c8773f8572bf9f4e6b", "name": "Twitter Feed - skocherhan - 08-05-2025", "description": "", "modified": "2025-05-08T23:52:40.112000", "created": "2025-05-08T23:52:40.112000", "tags": [ "Lumma", "malware", "Xworm", "opendir" ], "references": [ "https://x.com/skocherhan/status/1920300244803154206", "https://x.com/skocherhan/status/1920321510109024641", "https://x.com/skocherhan/status/1920349972718829778", "https://x.com/skocherhan/status/1920353804182028437", "https://x.com/skocherhan/status/1920382082867433557", "https://x.com/skocherhan/status/1920407479223017480", "https://x.com/skocherhan/status/1920408816723575144", "https://x.com/skocherhan/status/1920418319225454691", "https://x.com/skocherhan/status/1920443088062857590", "https://x.com/skocherhan/status/1920443496755757238", "https://x.com/skocherhan/status/1920451301835510257", "https://x.com/skocherhan/status/1920551014177951845", "https://x.com/skocherhan/status/1920599502735466739" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 30, "URL": 34, "hostname": 2, "FileHash-MD5": 17, "FileHash-SHA256": 1 }, "indicator_count": 84, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "387 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6760cf8ae8c644a637a36fd2", "name": "MUT-1244 Targets Cybersecurity Professionals with Phishing and Malware", "description": "", "modified": "2025-01-16T01:02:13.133000", "created": "2024-12-17T01:10:34.378000", "tags": [ "cicd" ], "references": [ "December 17th, 2024 - CryptoGen Cyber Threat Intelligence Advisory #5931 - MUT-1244 Targets Cybersecurity Professionals with Phishing and Malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 3, "domain": 1 }, "indicator_count": 4, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "500 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f73b88e06072665c019d97", "name": "URLHaus data - 27-09-2024", "description": "", "modified": "2024-10-27T23:01:22.375000", "created": "2024-09-27T23:11:04.524000", "tags": [ "32-bit", "elf", "mips", "Mozi", "arm", "mirai", "exe", "MassLogger", "VIPKeylogger", "Socks5Systemz", "doc", "ddos", "Lumma", "lummac2", "LummaStealer", "stealer", "squadware", "dropped-by-PrivateLoader", "Stealc", "ascii", "config", "GorillaBotnet", "sh", "Encoded", "SmartApeSG", "encrypted", "GuLoader", "njRAT", "rat", "MarsStealer", "ua-wget", "cmd", "BRA", "geofenced", "zip", "AgentTesla", "vdf", "PureLogStealer", "RedLineStealer", "opendir", "SnakeKeylogger", "txt", "Formbook", "RemcosRAT", "rev-base64-loader", "vbs", "related_to_mallox_ransomware", "hta", "CobaltStrike", "fastproxy", "multiverze", "shell", "ConnectBack", "dll", "gafgyt", "js", "vbmalware", "nitol", "Gh0stRAT", "shellscript", "SocGholish" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 951, "domain": 18, "hostname": 6 }, "indicator_count": 975, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "580 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c41cd9d92c21e48cf9829e", "name": "Twitter Feed - doc_guard - 07-02-2024", "description": "", "modified": "2024-02-08T00:14:16.596000", "created": "2024-02-08T00:14:16.596000", "tags": [], "references": [ "https://twitter.com/doc_guard/status/1755217084181565571" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "FileHash-MD5": 1, "URL": 3, "domain": 2 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "843 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a965e5cfc5d3923001cb", "name": "Malicious ip", "description": "", "modified": "2023-12-06T17:03:33.111000", "created": "2023-12-06T17:03:33.111000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1177, "FileHash-MD5": 1582, "FileHash-SHA256": 8987, "hostname": 762, "FileHash-SHA1": 1575, "URL": 1722, "email": 12 }, "indicator_count": 15817, "is_author": false, "is_subscribing": null, "subscriber_count": 115, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652b6b2cab4379247e4fd30b", "name": "Malicious ip", "description": "", "modified": "2023-11-14T07:01:07.253000", "created": "2023-10-15T04:31:40.568000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ellenmmm", "id": "233693", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1876, "domain": 1292, "hostname": 879, "FileHash-SHA256": 9536, "FileHash-MD5": 1590, "FileHash-SHA1": 1583, "email": 15 }, "indicator_count": 16771, "is_author": false, "is_subscribing": null, "subscriber_count": 84, "modified_text": "929 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e54b7bafaa93fc316e9a61", "name": "URLHaus data - 22-08-2023", "description": "", "modified": "2023-09-21T23:02:51.783000", "created": "2023-08-22T23:57:47.103000", "tags": [ "elf", "Mozi", "32-bit", "mips", "hajime", "AsyncRAT", "exe", "AVrecon", "botnet", "c2", "SocGholish", "mirai", "arm", "dropped-by-SmokeLoader", "RedLineStealer", "njRAT", "Agenttelsa", "AgentTesla", "LummaStealer", "Stealc", "shellscript", "32", "Loki", "opendir", "AgentTesyla", "rat", "encrypted", "GuLoader", "RemcosRAT", "dropped-by-PrivateLoader", "remcos", "RedLine", "Tsunami", "archives", "Smoke Loader", "renesas", "intel", "PowerPC", "motorola" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 35, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 252, "domain": 6, "hostname": 6 }, "indicator_count": 264, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "982 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64388dcf128b74c9128d7875", "name": "URLHaus data - 13-04-2023", "description": "", "modified": "2023-04-13T23:18:39.960000", "created": "2023-04-13T23:18:39.960000", "tags": [ "32-bit", "elf", "mips", "Mozi", "hajime", "arm", "mirai", "geofenced", "obama252", "Qakbot", "qbot", "Quakbot", "USA", "wsf", "zip", "PowerShellDiscordKeyLogger", "dll", "ua-ps", "1234", "7z", "Password-protected", "dropped-by-PrivateLoader", "encrypted", "RedLine", "Vidar", "37-220-87-78", "exe", "FakeGrinProMiner", "MinerTool", "pw minertool2023", "RedLineStealer", "Qakbat", "obama251", "njRAT", "ascii", "Encoded", "doc", "MuddyWater", "32", "motorola", "renesas", "PowerPC", "64", "intel", "sparc", "bashlite", "gafgyt", "script", "AZORult", "NetSupport", "rat", "powershell", "ps", "Loki" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 805, "IPv4": 609, "domain": 67, "hostname": 4 }, "indicator_count": 1485, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "1143 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://x.com/skocherhan/status/1920382082867433557", "December 17th, 2024 - CryptoGen Cyber Threat Intelligence Advisory #5931 - MUT-1244 Targets Cybersecurity Professionals with Phishing and Malware", "https://malpedia.caad.fkie.fraunhofer.de/actor/callisto", "https://x.com/malwrhunterteam/status/1917925907446088075", "https://hybrid-analysis.com/sample/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce/6889105954703efa4303f7c7", "https://www.cisa.gov/news-events/alerts/2026/01/26/cisa-adds-five-known-exploited-vulnerabilities-catalog", "https://x.com/skocherhan/status/1938268462742126877", "https://twitter.com/doc_guard/status/1755217084181565571", "https://x.com/malwrhunterteam/status/1918051636393513129", "https://x.com/skocherhan/status/1920551014177951845", "https://x.com/malwrhunterteam/status/1917838335164195058", "https://x.com/malwrhunterteam/status/1918056452108804448", "https://x.com/skocherhan/status/1920451301835510257", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://x.com/malwrhunterteam/status/1918041425905647846", "https://x.com/malwrhunterteam/status/1917543861972328830", "https://x.com/skocherhan/status/1920418319225454691", "https://urlhaus.abuse.ch/browse/", "https://x.com/malwrhunterteam/status/1917853146208166313", "https://tria.ge/250729-wr59yabk7y/behavioral2", "https://x.com/skocherhan/status/1920407479223017480", "https://vtbehaviour.commondatastorage.googleapis.com/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1753815427&Signature=BM1MWONwwKd011yMi5XzJJHo01QYs0qWdERlFPM9BGS4OW62YRzI4FX6aMwA6MgQB2eLDnMBjwIYw2ct1yC2HAzJ82eh6VqtBu%2BiE6lObCQjjON9nx29EKx9dGSRLewI3Zjpp7Kbokc%2FIKEh40ZNmeXNc4aCsECY%2Fwq9FQOmT2vm8Bi6IHzZNBMT3srLRZsr%2Bo36MP6ckdybeglLLnb9LA5iEOYbMBMEq6HxMj%2BfLIssDjKInHz7", "https://www.virustotal.com/gui/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://tip.neiki.dev/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://x.com/malwrhunterteam/status/1918057946124001752", "https://x.com/skocherhan/status/1920321510109024641", "https://x.com/skocherhan/status/1920599502735466739", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509", "https://www.virustotal.com/gui/file-analysis/MTllN2NiNTVkMGQ1MTYzNGY0OTg4MGY2MmRiYmNjYzg6MTc1MzgxNDIzNQ==", "https://x.com/skocherhan/status/1920349972718829778", "https://x.com/skocherhan/status/1920443088062857590", "https://x.com/skocherhan/status/1920443496755757238", "https://app.threat.zone/submission/5879c4fe-ce35-45c3-8a3c-e8c06d0e2b2d/overview", "https://x.com/skocherhan/status/1920300244803154206", "https://hybrid-analysis.com/sample/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://x.com/thomasklemenc/status/2052715025450598904", "https://polyswarm.network/scan/results/file/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce", "https://x.com/skocherhan/status/1920408816723575144", "https://x.com/skocherhan/status/1938327287415640302", "https://metadefender.com/results/file/YTI1MDcyOXl4LTdxa1I5ZlVJNGVsWTRUS2kz_mdaas", "https://x.com/skocherhan/status/1938330429603647944", "https://www.filescan.io/uploads/68890e2dc79df08ef097cd38/reports/06923db6-30ae-455f-8026-73461cc1472e/overview", "https://x.com/skocherhan/status/1920353804182028437", "https://x.com/skocherhan/status/1938325482698903668", "https://x.com/malwrhunterteam/status/1917863429186150802", "https://x.com/malwrhunterteam/status/1917871330289909958" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Mal_pdf_calisto_pdf_streams_jul_09" ], "industries": [ "Healthcare", "Technology", "Government", "Education" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 13, "pulses": [ { "id": "6a03d30ebc255def6c27747a", "name": "Twitter Feed - thomasklemenc - 12-05-2026", "description": "", "modified": "2026-05-13T01:25:34.534000", "created": "2026-05-13T01:25:34.534000", "tags": [ "RAT", "malware" ], "references": [ "https://x.com/thomasklemenc/status/2052715025450598904" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8, "domain": 5, "IPv4": 1, "FileHash-SHA256": 1 }, "indicator_count": 15, "is_author": false, "is_subscribing": null, "subscriber_count": 1624, "modified_text": "18 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69787dfb890a7099f344356f", "name": "Emergency Patch Released for Microsoft Office Zero - Day Vulnerability", "description": "A recently discovered zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509, has prompted an out-of-band security patch from Microsoft. This high-severity vulnerability carries a CVSS score of 7.8 out of 10.0 and is described as a security feature bypass in Microsoft Office, allowing unauthorized attackers to bypass a security feature locally. The vulnerability affects Microsoft Office 2016 and 2019, as well as Microsoft 365, and can be exploited by sending a specially crafted Of...", "modified": "2026-01-27T08:57:31.646000", "created": "2026-01-27T08:57:31.646000", "tags": [ "initial-access", "execution", "privilege-escalation", "T1190", "T1204", "high", "vta", "threat-intelligence" ], "references": [ "https://www.cisa.gov/news-events/alerts/2026/01/26/cisa-adds-five-known-exploited-vulnerabilities-catalog", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CODERED_VTA", "id": "349568", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_349568/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 20, "FileHash-SHA1": 4, "FileHash-SHA256": 1, "domain": 12, "hostname": 15 }, "indicator_count": 52, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "123 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6889153bb756c703bd61c97d", "name": "Calisto - APT - 07.29.25 - UA ChromeBook Retro", "description": "Maldoc Calisto - 03.17.23\nRetroanalysis of a simple test to demonstrate a point (had some extensions to capture data). Borrowed a Google Chromebook From University of Alberta & signed in to my CCID on Campus with the Chromebook provided by Office of DOS (provided to them by 'offside IT'. Chromebook did not do so well. Returned. \n\nMAL_PDF_Calisto_PDF_Streams_Jul_09 (Threatzone)\nThis supports findings from Beehive Security who later blocked Calisto/Callisto with their MDR Solution.", "modified": "2025-09-03T00:22:10.750000", "created": "2025-07-29T18:38:51.647000", "tags": [ "triage", "malware", "analysis", "report", "reported", "analyze", "sandbox", "download submit", "sha512", "sha1", "filesize", "sha256", "file", "token", "prefetch8", "prefetch1", "dataprofile", "general", "config", "download", "copy", "target", "defense", "generic", "impact", "virus", "trojan", "ransomware", "static", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "platform", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "switch", "inquest labs", "resources api", "notes supported", "cve list", "drop your", "service", "privacy policy", "found url", "ck id", "details found", "ingress tool", "transfer", "t1105", "details url", "t1571", "pdf found", "found", "contentparse", "externalparser", "woff2", "inputfile", "domainresolve", "u200c200d", "u25cc", "ioc value", "Callisto", "Maldoc", "UAlberta", "U of A", "Chromebook", "Microsoft", "Google", "Telus", "Calisto", "APT" ], "references": [ "https://tria.ge/250729-wr59yabk7y/behavioral2", "https://www.filescan.io/uploads/68890e2dc79df08ef097cd38/reports/06923db6-30ae-455f-8026-73461cc1472e/overview", "https://hybrid-analysis.com/sample/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://metadefender.com/results/file/YTI1MDcyOXl4LTdxa1I5ZlVJNGVsWTRUS2kz_mdaas", "https://polyswarm.network/scan/results/file/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce", "https://app.threat.zone/submission/5879c4fe-ce35-45c3-8a3c-e8c06d0e2b2d/overview", "https://tip.neiki.dev/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://www.virustotal.com/gui/file/2d0458cbda9297baf3d2f28bfa47a4872075a444ec68f30757ceec458f3aab2e", "https://www.virustotal.com/gui/file-analysis/MTllN2NiNTVkMGQ1MTYzNGY0OTg4MGY2MmRiYmNjYzg6MTc1MzgxNDIzNQ==", "https://vtbehaviour.commondatastorage.googleapis.com/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1753815427&Signature=BM1MWONwwKd011yMi5XzJJHo01QYs0qWdERlFPM9BGS4OW62YRzI4FX6aMwA6MgQB2eLDnMBjwIYw2ct1yC2HAzJ82eh6VqtBu%2BiE6lObCQjjON9nx29EKx9dGSRLewI3Zjpp7Kbokc%2FIKEh40ZNmeXNc4aCsECY%2Fwq9FQOmT2vm8Bi6IHzZNBMT3srLRZsr%2Bo36MP6ckdybeglLLnb9LA5iEOYbMBMEq6HxMj%2BfLIssDjKInHz7", "https://hybrid-analysis.com/sample/4c7d629d37665e74617cefe3e208a37b2042529cbbeb9a839a79e167919561ce/6889105954703efa4303f7c7", "https://malpedia.caad.fkie.fraunhofer.de/actor/callisto" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Netherlands" ], "malware_families": [ { "id": "MAL_PDF_Calisto_PDF_Streams_Jul_09", "display_name": "MAL_PDF_Calisto_PDF_Streams_Jul_09", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1217", "name": "Browser Bookmark Discovery", "display_name": "T1217 - Browser Bookmark Discovery" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [ "Education", "Technology", "Healthcare", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6319, "CIDR": 11, "CVE": 9, "FileHash-MD5": 323, "FileHash-SHA1": 260, "FileHash-SHA256": 292, "domain": 596, "email": 37, "hostname": 806 }, "indicator_count": 8653, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "270 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "685de91c4badcbe0170cfa6d", "name": "Twitter Feed - skocherhan - 26-06-2025", "description": "", "modified": "2025-07-27T00:03:18.883000", "created": "2025-06-27T00:43:08.403000", "tags": [ "AsyncRAT" ], "references": [ "https://x.com/skocherhan/status/1938268462742126877", "https://x.com/skocherhan/status/1938325482698903668", "https://x.com/skocherhan/status/1938327287415640302", "https://x.com/skocherhan/status/1938330429603647944" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 10, "domain": 10 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "308 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681407cc8e3d56c88c7c10e5", "name": "Twitter Feed - malwrhunterteam - 01-05-2025", "description": "", "modified": "2025-05-31T23:01:47.796000", "created": "2025-05-01T23:46:20.940000", "tags": [], "references": [ "https://x.com/malwrhunterteam/status/1917543861972328830", "https://x.com/malwrhunterteam/status/1917838335164195058", "https://x.com/malwrhunterteam/status/1917853146208166313", "https://x.com/malwrhunterteam/status/1917863429186150802", "https://x.com/malwrhunterteam/status/1917871330289909958", "https://x.com/malwrhunterteam/status/1917925907446088075", "https://x.com/malwrhunterteam/status/1918041425905647846", "https://x.com/malwrhunterteam/status/1918051636393513129", "https://x.com/malwrhunterteam/status/1918056452108804448", "https://x.com/malwrhunterteam/status/1918057946124001752" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 10, "FileHash-SHA256": 9, "domain": 5, "hostname": 1 }, "indicator_count": 25, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "364 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681d43c8773f8572bf9f4e6b", "name": "Twitter Feed - skocherhan - 08-05-2025", "description": "", "modified": "2025-05-08T23:52:40.112000", "created": "2025-05-08T23:52:40.112000", "tags": [ "Lumma", "malware", "Xworm", "opendir" ], "references": [ "https://x.com/skocherhan/status/1920300244803154206", "https://x.com/skocherhan/status/1920321510109024641", "https://x.com/skocherhan/status/1920349972718829778", "https://x.com/skocherhan/status/1920353804182028437", "https://x.com/skocherhan/status/1920382082867433557", "https://x.com/skocherhan/status/1920407479223017480", "https://x.com/skocherhan/status/1920408816723575144", "https://x.com/skocherhan/status/1920418319225454691", "https://x.com/skocherhan/status/1920443088062857590", "https://x.com/skocherhan/status/1920443496755757238", "https://x.com/skocherhan/status/1920451301835510257", "https://x.com/skocherhan/status/1920551014177951845", "https://x.com/skocherhan/status/1920599502735466739" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 30, "URL": 34, "hostname": 2, "FileHash-MD5": 17, "FileHash-SHA256": 1 }, "indicator_count": 84, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "387 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6760cf8ae8c644a637a36fd2", "name": "MUT-1244 Targets Cybersecurity Professionals with Phishing and Malware", "description": "", "modified": "2025-01-16T01:02:13.133000", "created": "2024-12-17T01:10:34.378000", "tags": [ "cicd" ], "references": [ "December 17th, 2024 - CryptoGen Cyber Threat Intelligence Advisory #5931 - MUT-1244 Targets Cybersecurity Professionals with Phishing and Malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 3, "domain": 1 }, "indicator_count": 4, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "500 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f73b88e06072665c019d97", "name": "URLHaus data - 27-09-2024", "description": "", "modified": "2024-10-27T23:01:22.375000", "created": "2024-09-27T23:11:04.524000", "tags": [ "32-bit", "elf", "mips", "Mozi", "arm", "mirai", "exe", "MassLogger", "VIPKeylogger", "Socks5Systemz", "doc", "ddos", "Lumma", "lummac2", "LummaStealer", "stealer", "squadware", "dropped-by-PrivateLoader", "Stealc", "ascii", "config", "GorillaBotnet", "sh", "Encoded", "SmartApeSG", "encrypted", "GuLoader", "njRAT", "rat", "MarsStealer", "ua-wget", "cmd", "BRA", "geofenced", "zip", "AgentTesla", "vdf", "PureLogStealer", "RedLineStealer", "opendir", "SnakeKeylogger", "txt", "Formbook", "RemcosRAT", "rev-base64-loader", "vbs", "related_to_mallox_ransomware", "hta", "CobaltStrike", "fastproxy", "multiverze", "shell", "ConnectBack", "dll", "gafgyt", "js", "vbmalware", "nitol", "Gh0stRAT", "shellscript", "SocGholish" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 59, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 951, "domain": 18, "hostname": 6 }, "indicator_count": 975, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "580 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c41cd9d92c21e48cf9829e", "name": "Twitter Feed - doc_guard - 07-02-2024", "description": "", "modified": "2024-02-08T00:14:16.596000", "created": "2024-02-08T00:14:16.596000", "tags": [], "references": [ "https://twitter.com/doc_guard/status/1755217084181565571" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "FileHash-MD5": 1, "URL": 3, "domain": 2 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "843 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a965e5cfc5d3923001cb", "name": "Malicious ip", "description": "", "modified": "2023-12-06T17:03:33.111000", "created": "2023-12-06T17:03:33.111000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1177, "FileHash-MD5": 1582, "FileHash-SHA256": 8987, "hostname": 762, "FileHash-SHA1": 1575, "URL": 1722, "email": 12 }, "indicator_count": 15817, "is_author": false, "is_subscribing": null, "subscriber_count": 115, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "codeberg.org", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "codeberg.org", "found": true, "verdict": "malicious", "url_count": 11, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "https://codeberg.org/wwxx/wwxx/raw/branch/main/The%20Foundry.exe", "status": "offline", "threat": "malware_download", "date_added": "2025-01-11", "tags": [ "LummaStealer", "MeduzaStealer" ] }, { "url": "https://codeberg.org/wwxx/wwxx/raw/branch/main/qebhojsmda.png", "status": "offline", "threat": "malware_download", "date_added": "2025-01-11", "tags": [ "MeduzaStealer" ] }, { "url": "https://codeberg.org/wwxx/wwxx/raw/branch/main/@bebanrti%20(1).exe", "status": "offline", "threat": "malware_download", "date_added": "2025-01-11", "tags": [ "MeduzaStealer" ] }, { "url": "https://codeberg.org/massgravel/Microsoft-Activation-Scripts/raw/commit/b1b5299c4725d97349b18b59061647198f7cc59b/MAS/All-In-One-Version-KL/MAS_AIO.cmd", "status": "offline", "threat": "malware_download", "date_added": "2024-09-27", "tags": [ "cmd" ] }, { "url": "https://codeberg.org/richard1242312/effective-system/raw/branch/main/stem.txt", "status": "offline", "threat": "malware_download", "date_added": "2023-08-22", "tags": [] }, { "url": "https://codeberg.org/lukemu2ikkk/leadexplore/raw/branch/main/guild.txt", "status": "offline", "threat": "malware_download", "date_added": "2023-04-13", "tags": [] }, { "url": "https://codeberg.org/grandemutrih/grandeown/raw/branch/main/Adobe_Photoshop_2022.rar", "status": "offline", "threat": "malware_download", "date_added": "2022-12-22", "tags": [ "Password-protected", "pw-softeasy", "Raccoon", "rar", "softeasy" ] }, { "url": "https://codeberg.org/softeasy/easyware/raw/branch/main/Adobe_Photoshop_2022.rar", "status": "offline", "threat": "malware_download", "date_added": "2022-12-17", "tags": [ "Password-protected", "pw-softeasy", "Raccoon", "rar", "softeasy" ] }, { "url": "https://codeberg.org/attachments/bd146589-99f8-407a-98c7-ca26a6fc99f4", "status": "offline", "threat": "malware_download", "date_added": "2022-12-12", "tags": [ "2022", "Password-protected", "pw-2022", "rar", "RedLine" ] }, { "url": "https://codeberg.org/guptywtyqp/repit/raw/branch/main/fork.txt", "status": "offline", "threat": "malware_download", "date_added": "2022-11-18", "tags": [] } ], "error": null }, "from_cache": true, "_cached_at": 1780211225.7899773 }