{ "type": "Domain", "indicator": "extranet.qualityplanning.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/extranet.qualityplanning.com", "alexa": "http://www.alexa.com/siteinfo/extranet.qualityplanning.com", "indicator": "extranet.qualityplanning.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": {}, "pulse_info": { "count": 0, "pulses": [], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "69dcac5193a4767db4efdb48", "name": "Tracking MiniDionis: CozyCar's New Ride Is Related to Seaduke", "description": "A new campaign attributed to CozyDuke threat actors has been identified, utilizing malware called MiniDionis that appears related to Seaduke. The campaign began on July 7, 2015, targeting government organizations and think-tanks in democratic countries through spear phishing emails containing malicious links or attachments. The attack chain involves multi-stage droppers that deliver decoy media files while executing malicious payloads in the background. MiniDionis uses compromised legitimate websites for command and control, employs JSON-based configuration, and communicates over HTTPS using RC4 and AES encryption. The malware includes comprehensive command capabilities for system reconnaissance, file operations, and remote execution. The attackers demonstrate sophisticated techniques including manual HTTP redirection handling and cleanup mechanisms to evade forensic analysis.", "author_name": "AlienVault", "modified": "2026-04-13T08:42:24.089000", "created": "2026-04-13T08:41:53.482000", "revision": 2, "tlp": "white", "public": 1, "adversary": "CozyDuke", "indicators": [ { "id": 4157551390, "indicator": "CVE-2025-55182", "type": "CVE", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12836, "indicator": "01039a95e0a14767784acc8f07035935", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12839, "indicator": "030da7510113c28ee68df8a19c643bb0", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 1026101, "indicator": "0d132ee171768dc30d14590ed2dbadd1", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12834, "indicator": "0f9534b63cb7af1e3aa34839d7d6e632", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12846, "indicator": "1dd593ad084e1526c8facce834b0e124", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12847, "indicator": "24083e6186bc773cd9c2e70a49309763", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12838, "indicator": "26bd36cc57e30656363ca89910579f63", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12855, "indicator": "2e64131c0426a18c1c363ec69ae6b5f2", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12837, "indicator": "3195110045f64a3c83fc3e043c46d253", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12842, "indicator": "3a04a5d7ed785daa16f4ebfd3acf0867", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12850, "indicator": "42ffc84c6381a18b1f6d000b94c74b09", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12849, "indicator": "4cbd9a0832dcf23867b092de37c10d9d", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12851, "indicator": "51ea28f4f3fa794d5b207475897b1eef", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12835, "indicator": "70f5574e4e7ad360f4f5c2117a7a1ca7", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12840, "indicator": "719cf63a3922953ceaca6fb4dbed6584", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12853, "indicator": "9018fa0826f237342471895f315dbf39", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12848, "indicator": "98613ecb3afde5fc48ca4204f8363f1d", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12854, "indicator": "a9c045c401afb9766e2ca838dc6f47a4", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12845, "indicator": "b0a9a175e2407352214b2d005253bc0c", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12841, "indicator": "b55628a605a5dfb5005c44220ae03b8a", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12833, "indicator": "c8b49b42e6ebb6b977ce7001b6bd96c8", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12843, "indicator": "ca770a4c9881afcd610aad30aa53f651", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12844, "indicator": "e00bf9b8261410744c10ae3fe2ce9049", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12856, "indicator": "e07ef8ffe965ec8b72041ddf9527cac4", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12857, "indicator": "f415470b9f0edc1298b1f6ae75dfaf31", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12852, "indicator": "f8cb10b2ee8af6c5555e9cf3701b845f", "type": "FileHash-MD5", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12858, "indicator": "103.226.132.7", "type": "IPv4", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": "2026-05-13T08:00:00", "is_active": 1, "role": null }, { "id": 12859, "indicator": "103.254.16.168", "type": "IPv4", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": "2026-05-13T08:00:00", "is_active": 1, "role": null }, { "id": 12860, "indicator": "122.228.193.115", "type": "IPv4", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": "2026-05-13T08:00:00", "is_active": 1, "role": null }, { "id": 1581741181, "indicator": "64.244.34.200", "type": "IPv4", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": "2026-05-13T08:00:00", "is_active": 1, "role": null }, { "id": 1026099, "indicator": "https://www.illuminatistudios.net/mobile/viewer.php", "type": "URL", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12862, "indicator": "connectads.com", "type": "domain", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12826, "indicator": "illuminatistudios.net", "type": "domain", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12824, "indicator": "kane-consulting.net", "type": "domain", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12825, "indicator": "redbluffchamber.com", "type": "domain", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12861, "indicator": "visionresearch.com", "type": "domain", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12828, "indicator": "betawebservices.ntnonline.com", "type": "hostname", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12832, "indicator": "edadmin.kearsney.com", "type": "hostname", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12829, "indicator": "extranet.qualityplanning.com", "type": "hostname", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12827, "indicator": "ff.whitebirchpaper.com", "type": "hostname", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12831, "indicator": "secure.hgl.com", "type": "hostname", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 12830, "indicator": "staff.shasta.com", "type": "hostname", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null }, { "id": 1026100, "indicator": "www.illuminatistudios.net", "type": "hostname", "created": "2026-04-13T08:41:54", "content": "", "title": "", "description": "", "expiration": null, "is_active": 1, "role": null } ], "tags": [ "minidionis", "cozer", "cloudlook", "json-configuration", "cloudduke", "cozycar", "seadaddy", "seadesk", "government-targeting", "seaduke", "multi-stage-dropper", "cozyduke", "cozybear", "https-c2", "euroapt", "spear-phishing", "forkmeimfamous" ], "targeted_countries": [], "malware_families": [ "CloudDuke - S0054", "MiniDionis", "CloudLook", "CozyCar - S0046", "CozyDuke", "CozyBear", "Cozer", "EuroAPT", "SeaDuke - S0053", "SeaDaddy", "SeaDesk", "Forkmeimfamous" ], "attack_ids": [], "references": [ "https://unit42.paloaltonetworks.com/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke" ], "industries": [ "Government" ], "extract_source": [], "more_indicators": false, "indicator_count": 44 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "extranet.qualityplanning.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "extranet.qualityplanning.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776134648.2291732 }