{
  "type": "Domain",
  "indicator": "fieldeffect.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/fieldeffect.com",
    "alexa": "http://www.alexa.com/siteinfo/fieldeffect.com",
    "indicator": "fieldeffect.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4052844423,
      "indicator": "fieldeffect.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 7,
      "pulses": [
        {
          "id": "69bbb1e7ff6cad955292ee7f",
          "name": "EbeeMar2026 Pt1",
          "description": "Multiple APT/threat actors, Malware and Campaigns",
          "modified": "2026-04-18T08:06:12.483000",
          "created": "2026-03-19T08:20:55.172000",
          "tags": [
            "filehashmd5",
            "filehashsha256",
            "filehashsha1",
            "computername",
            "date",
            "time",
            "username",
            "generatedbotid",
            "uwhi6jqzqh7",
            "encoded url"
          ],
          "references": [
            "IOCs.2026.1.csv"
          ],
          "public": 1,
          "adversary": "Forbidden Hyena, Fake FileZilla site, TAXISPY RAT, InstallFix, Lone wolf, BoryptGrab",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "IMEBEEIMFINE",
            "id": "343873",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 58,
            "FileHash-MD5": 262,
            "FileHash-SHA1": 197,
            "FileHash-SHA256": 270,
            "CVE": 6,
            "domain": 58,
            "email": 4,
            "hostname": 52
          },
          "indicator_count": 907,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 40,
          "modified_text": "44 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69b6563c0597ac612e644416",
          "name": "Iranian APT Actors-Pt5",
          "description": "",
          "modified": "2026-04-15T09:12:52.422000",
          "created": "2026-03-15T06:48:28.010000",
          "tags": [
            "filehashsha256",
            "filehashmd5",
            "filename",
            "filehashsha1",
            "bitcoinaddress",
            "temp",
            "port8083 domain",
            "registry",
            "cve201711882",
            "cve20170199"
          ],
          "references": [
            "IOCs.2026.2.csv"
          ],
          "public": 1,
          "adversary": "Cleaver, Handala, OilRig, RansomHouse, Leafminer,  CopyKittens, Muddy Water, Wiper Malwares",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "IMEBEEIMFINE",
            "id": "343873",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 32,
            "FileHash-MD5": 261,
            "FileHash-SHA1": 191,
            "FileHash-SHA256": 291,
            "CIDR": 2,
            "CVE": 4,
            "domain": 95,
            "hostname": 23
          },
          "indicator_count": 899,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 44,
          "modified_text": "47 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69a75a7219933304ca3ca94b",
          "name": "Situation Report: Middle East Escalation (February 27\u20131st March, 2026) | CloudSEK",
          "description": "",
          "modified": "2026-03-03T22:02:26.664000",
          "created": "2026-03-03T22:02:26.664000",
          "tags": [
            "israel",
            "iran",
            "ddos",
            "february",
            "middle east",
            "gulf",
            "middle eastern",
            "qatar",
            "saudi arabia",
            "israeli",
            "team",
            "energy",
            "cloud",
            "magnitude",
            "cobalt strike",
            "powershell",
            "telegram",
            "june",
            "fury",
            "target",
            "union",
            "cyber",
            "middle"
          ],
          "references": [
            "https://www.cloudsek.com/blog/middle-east-escalation-israel-iran-us-cyber-war-2026"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Tr1sa111",
            "id": "192483",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 5,
            "domain": 3,
            "hostname": 2
          },
          "indicator_count": 10,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 278,
          "modified_text": "90 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "695ca1564cb6271d22786209",
          "name": "Salt Typhoon: A Persistent Threat to Global Telecommunications Infrastructure",
          "description": "",
          "modified": "2026-01-06T05:44:54.115000",
          "created": "2026-01-06T05:44:54.115000",
          "tags": [
            "exploit",
            "threat intelligence",
            "credential",
            "threat actor",
            "cyber warfare",
            "defense evasion",
            "mobile",
            "sso",
            "phishing",
            "password",
            "critical infrastructure",
            "discovery",
            "soc",
            "monitor",
            "backdoor",
            "persistence",
            "email",
            "government",
            "privilege",
            "risk assessment",
            "windows",
            "firewall",
            "sms",
            "payload",
            "china",
            "initial access",
            "network security",
            "vulnerability",
            "incident response",
            "collection",
            "browser",
            "dns",
            "vpn",
            "zero-day",
            "proxy",
            "tool",
            "patch",
            "apt",
            "lateral movement",
            "cve",
            "exfiltration",
            "salt typhoon",
            "mitre",
            "typhoon",
            "earth estries",
            "ghostspider",
            "ttps",
            "file",
            "cobalt strike",
            "crowdoor",
            "tools",
            "malware",
            "cyber",
            "ghostemperor",
            "psexec",
            "cobalt",
            "snappybee",
            "attack",
            "baran",
            "tech"
          ],
          "references": [
            "https://www.hendryadrian.com/salt-typhoon-a-persistent-threat-to-global-telecommunications-infrastructure/?utm_source=chatgpt.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1021",
              "name": "Remote Services",
              "display_name": "T1021 - Remote Services"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1041",
              "name": "Exfiltration Over C2 Channel",
              "display_name": "T1041 - Exfiltration Over C2 Channel"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1068",
              "name": "Exploitation for Privilege Escalation",
              "display_name": "T1068 - Exploitation for Privilege Escalation"
            },
            {
              "id": "T1078",
              "name": "Valid Accounts",
              "display_name": "T1078 - Valid Accounts"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1190",
              "name": "Exploit Public-Facing Application",
              "display_name": "T1190 - Exploit Public-Facing Application"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Tr1sa111",
            "id": "192483",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 8,
            "FileHash-MD5": 60,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 63,
            "URL": 2,
            "domain": 1,
            "hostname": 1
          },
          "indicator_count": 181,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 279,
          "modified_text": "146 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68f775d94e7f613bf3eee23c",
          "name": "Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network",
          "description": "Find out more about Darktrace, the artificial intelligence (AI) technology company, which helps companies detect, prevent and respond to cyber attacks across a range of industries. \u00c2\u00a31.5bn",
          "modified": "2025-11-20T11:03:45.100000",
          "created": "2025-10-21T12:00:25.424000",
          "tags": [
            "network",
            "darktrace",
            "anomaly",
            "cyber ai",
            "analyst",
            "significant",
            "ip address",
            "august",
            "redacteddc2",
            "esxi device",
            "possible",
            "monitoring",
            "akira",
            "mimikatz",
            "anydesk",
            "winrar",
            "winscp",
            "ruby",
            "download",
            "exploit",
            "iobit"
          ],
          "references": [
            "https://www.darktrace.com/blog/salty-much-darktraces-view-on-a-recent-salt-typhoon-intrusion"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "IObit",
              "display_name": "IObit",
              "target": null
            },
            {
              "id": "Akira",
              "display_name": "Akira",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1021",
              "name": "Remote Services",
              "display_name": "T1021 - Remote Services"
            },
            {
              "id": "T1046",
              "name": "Network Service Scanning",
              "display_name": "T1046 - Network Service Scanning"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1078",
              "name": "Valid Accounts",
              "display_name": "T1078 - Valid Accounts"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1110",
              "name": "Brute Force",
              "display_name": "T1110 - Brute Force"
            },
            {
              "id": "T1190",
              "name": "Exploit Public-Facing Application",
              "display_name": "T1190 - Exploit Public-Facing Application"
            },
            {
              "id": "T1550",
              "name": "Use Alternate Authentication Material",
              "display_name": "T1550 - Use Alternate Authentication Material"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1588",
              "name": "Obtain Capabilities",
              "display_name": "T1588 - Obtain Capabilities"
            },
            {
              "id": "T1590",
              "name": "Gather Victim Network Information",
              "display_name": "T1590 - Gather Victim Network Information"
            },
            {
              "id": "T1592",
              "name": "Gather Victim Host Information",
              "display_name": "T1592 - Gather Victim Host Information"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1530",
              "name": "Data from Cloud Storage Object",
              "display_name": "T1530 - Data from Cloud Storage Object"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1195",
              "name": "Supply Chain Compromise",
              "display_name": "T1195 - Supply Chain Compromise"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 23,
            "CVE": 1,
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 1,
            "domain": 3,
            "hostname": 6
          },
          "indicator_count": 36,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 862,
          "modified_text": "193 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68dcfe617051963f6fa4a7e3",
          "name": "EbeeSep2025 Pt5",
          "description": "",
          "modified": "2025-10-31T10:03:43.999000",
          "created": "2025-10-01T10:11:45.879000",
          "tags": [],
          "references": [
            "Sep week4.pdf"
          ],
          "public": 1,
          "adversary": "BeaverTail, Gunra Ransomware, Lockbit,  Lumma Staeler, TamperedChef, RedNovember, XWorm campaign",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "IMEBEEIMFINE",
            "id": "343873",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 97,
            "FileHash-MD5": 95,
            "FileHash-SHA1": 117,
            "FileHash-SHA256": 105,
            "CVE": 5,
            "URL": 21,
            "hostname": 50,
            "email": 2
          },
          "indicator_count": 492,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 41,
          "modified_text": "213 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68da443ad920d1b227d4fd19",
          "name": "TamperedChef Malware Leverages Trojanized Applications for Browser Hijacking",
          "description": "It has uncovered now a TamperedChef malware campaign targeting two trojanized applications ImageLooker.exe and Calendaromatic.exe distributed as self extracting 7-zip archives.",
          "modified": "2025-09-29T08:32:58.173000",
          "created": "2025-09-29T08:32:58.173000",
          "tags": [],
          "references": [
            "September 29th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8251 - TamperedChef Malware Leverages Trojanized Applications for Browser Hijacking.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cryptocti",
            "id": "110256",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-MD5": 2,
            "FileHash-SHA1": 2,
            "URL": 2,
            "domain": 4
          },
          "indicator_count": 11,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 500,
          "modified_text": "245 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "IOCs.2026.2.csv",
        "https://www.hendryadrian.com/salt-typhoon-a-persistent-threat-to-global-telecommunications-infrastructure/?utm_source=chatgpt.com",
        "September 29th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8251 - TamperedChef Malware Leverages Trojanized Applications for Browser Hijacking.pdf",
        "IOCs.2026.1.csv",
        "https://www.cloudsek.com/blog/middle-east-escalation-israel-iran-us-cyber-war-2026",
        "https://www.darktrace.com/blog/salty-much-darktraces-view-on-a-recent-salt-typhoon-intrusion",
        "Sep week4.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Forbidden Hyena, Fake FileZilla site, TAXISPY RAT, InstallFix, Lone wolf, BoryptGrab",
            "BeaverTail, Gunra Ransomware, Lockbit,  Lumma Staeler, TamperedChef, RedNovember, XWorm campaign",
            "Cleaver, Handala, OilRig, RansomHouse, Leafminer,  CopyKittens, Muddy Water, Wiper Malwares"
          ],
          "malware_families": [
            "Iobit",
            "Akira"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 7,
  "pulses": [
    {
      "id": "69bbb1e7ff6cad955292ee7f",
      "name": "EbeeMar2026 Pt1",
      "description": "Multiple APT/threat actors, Malware and Campaigns",
      "modified": "2026-04-18T08:06:12.483000",
      "created": "2026-03-19T08:20:55.172000",
      "tags": [
        "filehashmd5",
        "filehashsha256",
        "filehashsha1",
        "computername",
        "date",
        "time",
        "username",
        "generatedbotid",
        "uwhi6jqzqh7",
        "encoded url"
      ],
      "references": [
        "IOCs.2026.1.csv"
      ],
      "public": 1,
      "adversary": "Forbidden Hyena, Fake FileZilla site, TAXISPY RAT, InstallFix, Lone wolf, BoryptGrab",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "IMEBEEIMFINE",
        "id": "343873",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 58,
        "FileHash-MD5": 262,
        "FileHash-SHA1": 197,
        "FileHash-SHA256": 270,
        "CVE": 6,
        "domain": 58,
        "email": 4,
        "hostname": 52
      },
      "indicator_count": 907,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 40,
      "modified_text": "44 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69b6563c0597ac612e644416",
      "name": "Iranian APT Actors-Pt5",
      "description": "",
      "modified": "2026-04-15T09:12:52.422000",
      "created": "2026-03-15T06:48:28.010000",
      "tags": [
        "filehashsha256",
        "filehashmd5",
        "filename",
        "filehashsha1",
        "bitcoinaddress",
        "temp",
        "port8083 domain",
        "registry",
        "cve201711882",
        "cve20170199"
      ],
      "references": [
        "IOCs.2026.2.csv"
      ],
      "public": 1,
      "adversary": "Cleaver, Handala, OilRig, RansomHouse, Leafminer,  CopyKittens, Muddy Water, Wiper Malwares",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 20,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "IMEBEEIMFINE",
        "id": "343873",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 32,
        "FileHash-MD5": 261,
        "FileHash-SHA1": 191,
        "FileHash-SHA256": 291,
        "CIDR": 2,
        "CVE": 4,
        "domain": 95,
        "hostname": 23
      },
      "indicator_count": 899,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 44,
      "modified_text": "47 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69a75a7219933304ca3ca94b",
      "name": "Situation Report: Middle East Escalation (February 27\u20131st March, 2026) | CloudSEK",
      "description": "",
      "modified": "2026-03-03T22:02:26.664000",
      "created": "2026-03-03T22:02:26.664000",
      "tags": [
        "israel",
        "iran",
        "ddos",
        "february",
        "middle east",
        "gulf",
        "middle eastern",
        "qatar",
        "saudi arabia",
        "israeli",
        "team",
        "energy",
        "cloud",
        "magnitude",
        "cobalt strike",
        "powershell",
        "telegram",
        "june",
        "fury",
        "target",
        "union",
        "cyber",
        "middle"
      ],
      "references": [
        "https://www.cloudsek.com/blog/middle-east-escalation-israel-iran-us-cyber-war-2026"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Tr1sa111",
        "id": "192483",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 5,
        "domain": 3,
        "hostname": 2
      },
      "indicator_count": 10,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 278,
      "modified_text": "90 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "695ca1564cb6271d22786209",
      "name": "Salt Typhoon: A Persistent Threat to Global Telecommunications Infrastructure",
      "description": "",
      "modified": "2026-01-06T05:44:54.115000",
      "created": "2026-01-06T05:44:54.115000",
      "tags": [
        "exploit",
        "threat intelligence",
        "credential",
        "threat actor",
        "cyber warfare",
        "defense evasion",
        "mobile",
        "sso",
        "phishing",
        "password",
        "critical infrastructure",
        "discovery",
        "soc",
        "monitor",
        "backdoor",
        "persistence",
        "email",
        "government",
        "privilege",
        "risk assessment",
        "windows",
        "firewall",
        "sms",
        "payload",
        "china",
        "initial access",
        "network security",
        "vulnerability",
        "incident response",
        "collection",
        "browser",
        "dns",
        "vpn",
        "zero-day",
        "proxy",
        "tool",
        "patch",
        "apt",
        "lateral movement",
        "cve",
        "exfiltration",
        "salt typhoon",
        "mitre",
        "typhoon",
        "earth estries",
        "ghostspider",
        "ttps",
        "file",
        "cobalt strike",
        "crowdoor",
        "tools",
        "malware",
        "cyber",
        "ghostemperor",
        "psexec",
        "cobalt",
        "snappybee",
        "attack",
        "baran",
        "tech"
      ],
      "references": [
        "https://www.hendryadrian.com/salt-typhoon-a-persistent-threat-to-global-telecommunications-infrastructure/?utm_source=chatgpt.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1021",
          "name": "Remote Services",
          "display_name": "T1021 - Remote Services"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1041",
          "name": "Exfiltration Over C2 Channel",
          "display_name": "T1041 - Exfiltration Over C2 Channel"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1068",
          "name": "Exploitation for Privilege Escalation",
          "display_name": "T1068 - Exploitation for Privilege Escalation"
        },
        {
          "id": "T1078",
          "name": "Valid Accounts",
          "display_name": "T1078 - Valid Accounts"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1190",
          "name": "Exploit Public-Facing Application",
          "display_name": "T1190 - Exploit Public-Facing Application"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Tr1sa111",
        "id": "192483",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 8,
        "FileHash-MD5": 60,
        "FileHash-SHA1": 46,
        "FileHash-SHA256": 63,
        "URL": 2,
        "domain": 1,
        "hostname": 1
      },
      "indicator_count": 181,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 279,
      "modified_text": "146 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68f775d94e7f613bf3eee23c",
      "name": "Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network",
      "description": "Find out more about Darktrace, the artificial intelligence (AI) technology company, which helps companies detect, prevent and respond to cyber attacks across a range of industries. \u00a31.5bn",
      "modified": "2025-11-20T11:03:45.100000",
      "created": "2025-10-21T12:00:25.424000",
      "tags": [
        "network",
        "darktrace",
        "anomaly",
        "cyber ai",
        "analyst",
        "significant",
        "ip address",
        "august",
        "redacteddc2",
        "esxi device",
        "possible",
        "monitoring",
        "akira",
        "mimikatz",
        "anydesk",
        "winrar",
        "winscp",
        "ruby",
        "download",
        "exploit",
        "iobit"
      ],
      "references": [
        "https://www.darktrace.com/blog/salty-much-darktraces-view-on-a-recent-salt-typhoon-intrusion"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "IObit",
          "display_name": "IObit",
          "target": null
        },
        {
          "id": "Akira",
          "display_name": "Akira",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1021",
          "name": "Remote Services",
          "display_name": "T1021 - Remote Services"
        },
        {
          "id": "T1046",
          "name": "Network Service Scanning",
          "display_name": "T1046 - Network Service Scanning"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1078",
          "name": "Valid Accounts",
          "display_name": "T1078 - Valid Accounts"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1110",
          "name": "Brute Force",
          "display_name": "T1110 - Brute Force"
        },
        {
          "id": "T1190",
          "name": "Exploit Public-Facing Application",
          "display_name": "T1190 - Exploit Public-Facing Application"
        },
        {
          "id": "T1550",
          "name": "Use Alternate Authentication Material",
          "display_name": "T1550 - Use Alternate Authentication Material"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1588",
          "name": "Obtain Capabilities",
          "display_name": "T1588 - Obtain Capabilities"
        },
        {
          "id": "T1590",
          "name": "Gather Victim Network Information",
          "display_name": "T1590 - Gather Victim Network Information"
        },
        {
          "id": "T1592",
          "name": "Gather Victim Host Information",
          "display_name": "T1592 - Gather Victim Host Information"
        },
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1530",
          "name": "Data from Cloud Storage Object",
          "display_name": "T1530 - Data from Cloud Storage Object"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1195",
          "name": "Supply Chain Compromise",
          "display_name": "T1195 - Supply Chain Compromise"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 23,
        "CVE": 1,
        "FileHash-MD5": 1,
        "FileHash-SHA1": 1,
        "FileHash-SHA256": 1,
        "domain": 3,
        "hostname": 6
      },
      "indicator_count": 36,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 862,
      "modified_text": "193 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68dcfe617051963f6fa4a7e3",
      "name": "EbeeSep2025 Pt5",
      "description": "",
      "modified": "2025-10-31T10:03:43.999000",
      "created": "2025-10-01T10:11:45.879000",
      "tags": [],
      "references": [
        "Sep week4.pdf"
      ],
      "public": 1,
      "adversary": "BeaverTail, Gunra Ransomware, Lockbit, Lumma Stealer, TamperedChef, RedNovember, XWorm campaign",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "IMEBEEIMFINE",
        "id": "343873",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 97,
        "FileHash-MD5": 95,
        "FileHash-SHA1": 117,
        "FileHash-SHA256": 105,
        "CVE": 5,
        "URL": 21,
        "hostname": 50,
        "email": 2
      },
      "indicator_count": 492,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 41,
      "modified_text": "213 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68da443ad920d1b227d4fd19",
      "name": "TamperedChef Malware Leverages Trojanized Applications for Browser Hijacking",
      "description": "A TamperedChef malware campaign has now been uncovered that uses two trojanized applications, ImageLooker.exe and Calendaromatic.exe, distributed as self-extracting 7-Zip archives.",
      "modified": "2025-09-29T08:32:58.173000",
      "created": "2025-09-29T08:32:58.173000",
      "tags": [],
      "references": [
        "September 29th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8251 - TamperedChef Malware Leverages Trojanized Applications for Browser Hijacking.pdf"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "cryptocti",
        "id": "110256",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 1,
        "FileHash-MD5": 2,
        "FileHash-SHA1": 2,
        "URL": 2,
        "domain": 4
      },
      "indicator_count": 11,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 500,
      "modified_text": "245 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "fieldeffect.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "fieldeffect.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780354638.1792157
}