{
  "type": "Domain",
  "indicator": "flygram.org",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/flygram.org",
    "alexa": "http://www.alexa.com/siteinfo/flygram.org",
    "indicator": "flygram.org",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3746950752,
      "indicator": "flygram.org",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 18,
      "pulses": [
        {
          "id": "64f09f67430167a084c508ac",
          "name": "BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps",
          "description": "Research has identified two campaigns targeting Android users via trojanized Signal and Telegram apps and a malware family that has previously been used to target Uyghurs and other Turkic ethnic minorities.",
          "modified": "2023-10-03T14:04:17.862000",
          "created": "2023-08-31T14:10:46.581000",
          "tags": [
            "flygram",
            "badbazaar",
            "messenger",
            "c server",
            "android",
            "doubleagent",
            "ukraine",
            "xslcmd",
            "silkbean",
            "carbonsteal",
            "goldeneagle",
            "gref",
            "uyghur telegram",
            "os x"
          ],
          "references": [
            "https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/"
          ],
          "public": 1,
          "adversary": "GREF",
          "targeted_countries": [
            "China",
            "Australia",
            "Brazil",
            "Denmark",
            "Congo",
            "Germany",
            "Hong Kong",
            "Hungary",
            "Lithuania",
            "Netherlands",
            "Poland",
            "Portugal",
            "Singapore",
            "Spain",
            "Ukraine",
            "United States of America",
            "Yemen"
          ],
          "malware_families": [
            {
              "id": "FlyGram",
              "display_name": "FlyGram",
              "target": null
            },
            {
              "id": "Uyghur Telegram",
              "display_name": "Uyghur Telegram",
              "target": null
            },
            {
              "id": "OS X",
              "display_name": "OS X",
              "target": null
            },
            {
              "id": "GREF",
              "display_name": "GREF",
              "target": null
            },
            {
              "id": "Android",
              "display_name": "Android",
              "target": null
            },
            {
              "id": "BadBazaar",
              "display_name": "BadBazaar",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1418",
              "name": "Application Discovery",
              "display_name": "T1418 - Application Discovery"
            },
            {
              "id": "T1426",
              "name": "System Information Discovery",
              "display_name": "T1426 - System Information Discovery"
            },
            {
              "id": "T1430",
              "name": "Location Tracking",
              "display_name": "T1430 - Location Tracking"
            },
            {
              "id": "T1437",
              "name": "Standard Application Layer Protocol",
              "display_name": "T1437 - Standard Application Layer Protocol"
            },
            {
              "id": "T1509",
              "name": "Uncommonly Used Port",
              "display_name": "T1509 - Uncommonly Used Port"
            },
            {
              "id": "T1495",
              "name": "Firmware Corruption",
              "display_name": "T1495 - Firmware Corruption"
            },
            {
              "id": "T1134",
              "name": "Access Token Manipulation",
              "display_name": "T1134 - Access Token Manipulation"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1530",
              "name": "Data from Cloud Storage Object",
              "display_name": "T1530 - Data from Cloud Storage Object"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1422",
              "name": "System Network Configuration Discovery",
              "display_name": "T1422 - System Network Configuration Discovery"
            },
            {
              "id": "T1533",
              "name": "Data from Local System",
              "display_name": "T1533 - Data from Local System"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 371,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 1,
            "domain": 2,
            "hostname": 9
          },
          "indicator_count": 19,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386696,
          "modified_text": "972 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68897aac34d205d5cfc55c74",
          "name": "Threat Actor Profile: Mirage",
          "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-07-30\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
          "modified": "2025-07-30T01:51:40.989000",
          "created": "2025-07-30T01:51:40.989000",
          "tags": [
            "threat_actor",
            "unknown",
            "target:Dominican Republic",
            "target:India 2",
            "target:Ghana",
            "target:Siria",
            "target:Venezuela",
            "target:India",
            "target:Switzerland",
            "target:El Salvador",
            "target:Italy",
            "target:Mali",
            "target:Colombia",
            "target:Pakistan",
            "target:Panama",
            "target:Barbados",
            "target:Bulgaria",
            "target:But\u00e1n",
            "target:Albania",
            "target:South Africa",
            "target:Uzbekist\u00e1n",
            "target:Chequia",
            "target:Ecuador",
            "target:Eslovaquia",
            "target:Guatemala",
            "target:Belgium",
            "target:Montenegro",
            "target:Malaysia",
            "target:Poland",
            "target:Egypt",
            "target:EE.UU.",
            "target:Trinidad y Tobago",
            "target:Afganist\u00e1n",
            "target:Georgia",
            "target:Nigeria",
            "target:Saudi Arabia",
            "target:Brazil",
            "target:France",
            "target:Indonesia",
            "target:Chile",
            "target:Jamaica",
            "target:Hungary",
            "target:Portugal",
            "target:United Kingdom",
            "target:Peru",
            "target:Iran",
            "target:Turqu\u00eda",
            "target:Kazajist\u00e1n",
            "target:Bosnia y Herzegovina",
            "target:China",
            "target:Sri Lanka",
            "target:Croacia",
            "target:Germany",
            "target:Libia",
            "target:Mexico",
            "target:United Arab Emirates",
            "target:Argentina",
            "target:Global",
            "target:Netherlands",
            "target:Japan",
            "target:Bolivia",
            "target:Yibuti",
            "target:Vietnam",
            "target:Fiyi",
            "target:Cuba",
            "target:Camboya",
            "target:Taiw\u00e1n",
            "target:United States"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "fraevolquez",
            "id": "91700",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "hostname": 48,
            "domain": 41
          },
          "indicator_count": 95,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 55,
          "modified_text": "306 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6851f4070f95e4f44c09efcf",
          "name": "Threat Actor Profile: Mirage",
          "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
          "modified": "2025-06-17T23:02:30.349000",
          "created": "2025-06-17T23:02:30.349000",
          "tags": [
            "threat_actor",
            "unknown",
            "target:Dominican Republic",
            "target:India 2",
            "target:Ghana",
            "target:Siria",
            "target:Venezuela",
            "target:India",
            "target:Switzerland",
            "target:El Salvador",
            "target:Italy",
            "target:Mali",
            "target:Colombia",
            "target:Pakistan",
            "target:Panama",
            "target:Barbados",
            "target:Bulgaria",
            "target:But\u00e1n",
            "target:Albania",
            "target:South Africa",
            "target:Uzbekist\u00e1n",
            "target:Chequia",
            "target:Ecuador",
            "target:Eslovaquia",
            "target:Guatemala",
            "target:Belgium",
            "target:Montenegro",
            "target:Malaysia",
            "target:Poland",
            "target:Egypt",
            "target:EE.UU.",
            "target:Trinidad y Tobago",
            "target:Afganist\u00e1n",
            "target:Georgia",
            "target:Nigeria",
            "target:Saudi Arabia",
            "target:Brazil",
            "target:France",
            "target:Indonesia",
            "target:Chile",
            "target:Jamaica",
            "target:Hungary",
            "target:Portugal",
            "target:United Kingdom",
            "target:Peru",
            "target:Iran",
            "target:Turqu\u00eda",
            "target:Kazajist\u00e1n",
            "target:Bosnia y Herzegovina",
            "target:China",
            "target:Sri Lanka",
            "target:Croacia",
            "target:Germany",
            "target:Libia",
            "target:Mexico",
            "target:United Arab Emirates",
            "target:Argentina",
            "target:Global",
            "target:Netherlands",
            "target:Japan",
            "target:Bolivia",
            "target:Yibuti",
            "target:Vietnam",
            "target:Fiyi",
            "target:Cuba",
            "target:Camboya",
            "target:Taiw\u00e1n",
            "target:United States"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "fraevolquez",
            "id": "91700",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "hostname": 48,
            "domain": 41
          },
          "indicator_count": 95,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 56,
          "modified_text": "348 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "683df46be3b5f1ff932aa84a",
          "name": "Threat Actor Profile: Mirage",
          "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-02\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
          "modified": "2025-06-02T18:58:51.287000",
          "created": "2025-06-02T18:58:51.287000",
          "tags": [
            "threat_actor",
            "unknown",
            "target:Dominican Republic",
            "target:India 2",
            "target:Ghana",
            "target:Siria",
            "target:Venezuela",
            "target:India",
            "target:Switzerland",
            "target:El Salvador",
            "target:Italy",
            "target:Mali",
            "target:Colombia",
            "target:Pakistan",
            "target:Panama",
            "target:Barbados",
            "target:Bulgaria",
            "target:But\u00e1n",
            "target:Albania",
            "target:South Africa",
            "target:Uzbekist\u00e1n",
            "target:Chequia",
            "target:Ecuador",
            "target:Eslovaquia",
            "target:Guatemala",
            "target:Belgium",
            "target:Montenegro",
            "target:Malaysia",
            "target:Poland",
            "target:Egypt",
            "target:EE.UU.",
            "target:Trinidad y Tobago",
            "target:Afganist\u00e1n",
            "target:Georgia",
            "target:Nigeria",
            "target:Saudi Arabia",
            "target:Brazil",
            "target:France",
            "target:Indonesia",
            "target:Chile",
            "target:Jamaica",
            "target:Hungary",
            "target:Portugal",
            "target:United Kingdom",
            "target:Peru",
            "target:Iran",
            "target:Turqu\u00eda",
            "target:Kazajist\u00e1n",
            "target:Bosnia y Herzegovina",
            "target:China",
            "target:Sri Lanka",
            "target:Croacia",
            "target:Germany",
            "target:Libia",
            "target:Mexico",
            "target:United Arab Emirates",
            "target:Argentina",
            "target:Global",
            "target:Netherlands",
            "target:Japan",
            "target:Bolivia",
            "target:Yibuti",
            "target:Vietnam",
            "target:Fiyi",
            "target:Cuba",
            "target:Camboya",
            "target:Taiw\u00e1n",
            "target:United States"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "fraevolquez",
            "id": "91700",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "hostname": 48,
            "domain": 41
          },
          "indicator_count": 95,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 55,
          "modified_text": "363 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "681d16a9fdb8ff7bfe8db459",
          "name": "Threat Actor Profile: Mirage",
          "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-05-08\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
          "modified": "2025-05-08T20:40:09.409000",
          "created": "2025-05-08T20:40:09.409000",
          "tags": [
            "threat_actor",
            "unknown",
            "target:Dominican Republic",
            "target:India 2",
            "target:Ghana",
            "target:Siria",
            "target:Venezuela",
            "target:India",
            "target:Switzerland",
            "target:El Salvador",
            "target:Italy",
            "target:Mali",
            "target:Colombia",
            "target:Pakistan",
            "target:Panama",
            "target:Barbados",
            "target:Bulgaria",
            "target:But\u00e1n",
            "target:Albania",
            "target:South Africa",
            "target:Uzbekist\u00e1n",
            "target:Chequia",
            "target:Ecuador",
            "target:Eslovaquia",
            "target:Guatemala",
            "target:Belgium",
            "target:Montenegro",
            "target:Malaysia",
            "target:Poland",
            "target:Egypt",
            "target:EE.UU.",
            "target:Trinidad y Tobago",
            "target:Afganist\u00e1n",
            "target:Georgia",
            "target:Nigeria",
            "target:Saudi Arabia",
            "target:Brazil",
            "target:France",
            "target:Indonesia",
            "target:Chile",
            "target:Jamaica",
            "target:Hungary",
            "target:Portugal",
            "target:United Kingdom",
            "target:Peru",
            "target:Iran",
            "target:Turqu\u00eda",
            "target:Kazajist\u00e1n",
            "target:Bosnia y Herzegovina",
            "target:China",
            "target:Sri Lanka",
            "target:Croacia",
            "target:Germany",
            "target:Libia",
            "target:Mexico",
            "target:United Arab Emirates",
            "target:Argentina",
            "target:Global",
            "target:Netherlands",
            "target:Japan",
            "target:Bolivia",
            "target:Yibuti",
            "target:Vietnam",
            "target:Fiyi",
            "target:Cuba",
            "target:Camboya",
            "target:Taiw\u00e1n",
            "target:United States"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "fraevolquez",
            "id": "91700",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "hostname": 48,
            "domain": 41
          },
          "indicator_count": 95,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 55,
          "modified_text": "388 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "680190c45c13710c439a3db0",
          "name": "Threat Actor Profile: Mirage",
          "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
          "modified": "2025-04-17T23:37:40.060000",
          "created": "2025-04-17T23:37:40.060000",
          "tags": [
            "threat_actor",
            "unknown",
            "target:Dominican Republic",
            "target:India 2",
            "target:Ghana",
            "target:Siria",
            "target:Venezuela",
            "target:India",
            "target:Switzerland",
            "target:El Salvador",
            "target:Italy",
            "target:Mali",
            "target:Colombia",
            "target:Pakistan",
            "target:Panama",
            "target:Barbados",
            "target:Bulgaria",
            "target:But\u00e1n",
            "target:Albania",
            "target:South Africa",
            "target:Uzbekist\u00e1n",
            "target:Chequia",
            "target:Ecuador",
            "target:Eslovaquia",
            "target:Guatemala",
            "target:Belgium",
            "target:Montenegro",
            "target:Malaysia",
            "target:Poland",
            "target:Egypt",
            "target:EE.UU.",
            "target:Trinidad y Tobago",
            "target:Afganist\u00e1n",
            "target:Georgia",
            "target:Nigeria",
            "target:Saudi Arabia",
            "target:Brazil",
            "target:France",
            "target:Indonesia",
            "target:Chile",
            "target:Jamaica",
            "target:Hungary",
            "target:Portugal",
            "target:United Kingdom",
            "target:Peru",
            "target:Iran",
            "target:Turqu\u00eda",
            "target:Kazajist\u00e1n",
            "target:Bosnia y Herzegovina",
            "target:China",
            "target:Sri Lanka",
            "target:Croacia",
            "target:Germany",
            "target:Libia",
            "target:Mexico",
            "target:United Arab Emirates",
            "target:Argentina",
            "target:Global",
            "target:Netherlands",
            "target:Japan",
            "target:Bolivia",
            "target:Yibuti",
            "target:Vietnam",
            "target:Fiyi",
            "target:Cuba",
            "target:Camboya",
            "target:Taiw\u00e1n",
            "target:United States"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "fraevolquez",
            "id": "91700",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "hostname": 48,
            "domain": 41
          },
          "indicator_count": 95,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 55,
          "modified_text": "409 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67ff13e09a7b60d18a996220",
          "name": "Threat Actor Profile: Mirage",
          "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-16\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Techniques\n* T1497\n* T1114.002\n* T1114\n* T1001\n* T1094\n* ... y 204 m\u00e1s\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
          "modified": "2025-04-16T02:20:16.466000",
          "created": "2025-04-16T02:20:16.466000",
          "tags": [
            "threat_actor",
            "unknown",
            "T1497",
            "T1114.002",
            "T1114",
            "T1001",
            "T1094",
            "T1566.001",
            "T1068",
            "T1087.003",
            "T1111",
            "T1059.003",
            "T1053.002",
            "T1053.006",
            "TA0037",
            "T1014",
            "T1598.003",
            "T1602.002",
            "T1444",
            "T1081",
            "TA0004",
            "T1598.001",
            "T1598",
            "T1053.001",
            "T1574",
            "T1017",
            "T1602",
            "TA0002",
            "T1202",
            "T1194",
            "TA0005",
            "TA0011",
            "T1059.006",
            "T1031",
            "T1059",
            "T1055.004",
            "T1192",
            "T1574.006",
            "T1566.002",
            "T1156",
            "T1055.008",
            "T1056.003",
            "T1560",
            "T1053.007",
            "T1583.002",
            "T1055.001",
            "T1082",
            "T1027",
            "T1608.005",
            "T1071.001",
            "T1566",
            "T1038",
            "T1589",
            "T1041",
            "T1534",
            "T1105",
            "TA0009",
            "T1204.001",
            "T1155",
            "T1049",
            "T1001.003",
            "T1445",
            "T1056.001",
            "T1071.004",
            "T1608.001",
            "T1055.002",
            "T1210",
            "T1056",
            "T1450",
            "TA0006",
            "T1193",
            "T1055",
            "TA0043",
            "T1493",
            "TA0003",
            "TA0007",
            "T1491",
            "T1036",
            "T1036.004",
            "T1503",
            "T1114.001",
            "T1449",
            "T1566.003",
            "T1053",
            "T1110.002",
            "T1053.003",
            "T1459",
            "T1001.001",
            "T1598.002",
            "T1140",
            "T1059.007",
            "T1496",
            "TA0001",
            "T1088",
            "T1113",
            "T1071.003",
            "T1012",
            "T1046",
            "T1114.003",
            "T1129",
            "T1125",
            "T1071",
            "T1583.005_102",
            "106_T1056",
            "T1036.002",
            "T1112",
            "T1018",
            "T1021.002",
            "T1036.005",
            "T1547",
            "T1057",
            "T1008",
            "T1518",
            "T1170",
            "T1021",
            "T1011",
            "T1060",
            "T1539",
            "T1418",
            "T1614.001",
            "T1087.002",
            "T1021.001",
            "T1040",
            "T1020",
            "T1213",
            "T1069",
            "T1587",
            "T1533",
            "T1003.003",
            "T1003.004",
            "T1560.001",
            "T1548.002",
            "T1087",
            "T1069.002",
            "T1095",
            "T1426",
            "T1102",
            "T1201",
            "T1222",
            "T1070",
            "T1074",
            "T1033",
            "T1130",
            "T1569",
            "T1078.002",
            "T1552",
            "T1106",
            "T1190",
            "T1007",
            "T1495",
            "T1133",
            "T1090",
            "T1547.001",
            "T1588.002",
            "T1016",
            "T1422",
            "T1137",
            "T1588",
            "T1119",
            "T1437",
            "T1124",
            "T1569.002",
            "T1134",
            "T1005",
            "T1005.001",
            "T1003.002",
            "T1903",
            "T1059.001",
            "T1853",
            "T1115",
            "T1543.003",
            "T1430",
            "T1087.001",
            "T1587.001",
            "T1562.001",
            "T1543",
            "T1489",
            "T1078",
            "T1614",
            "T1509",
            "T1078.004",
            "T1083",
            "T1592.004",
            "T1558.001",
            "T1558",
            "T1530",
            "T1213.002",
            "T1047",
            "T1085",
            "T1003",
            "T1003.001",
            "T1120",
            "T1217",
            "T1074.001",
            "T1010",
            "T1218",
            "T1048",
            "T1553",
            "T1490",
            "T1497.003",
            "T1055.003",
            "T1571",
            "T11955",
            "T1204.002",
            "T1199",
            "T1204.",
            "T1595.002",
            "T1102.002",
            "T1583.003",
            "T1027.009",
            "T1027.013",
            "target:Dominican Republic",
            "target:India 2",
            "target:Ghana",
            "target:Siria",
            "target:Venezuela",
            "target:India",
            "target:Switzerland",
            "target:El Salvador",
            "target:Italy",
            "target:Mali",
            "target:Colombia",
            "target:Pakistan",
            "target:Panama",
            "target:Barbados",
            "target:Bulgaria",
            "target:But\u00e1n",
            "target:Albania",
            "target:South Africa",
            "target:Uzbekist\u00e1n",
            "target:Chequia",
            "target:Ecuador",
            "target:Eslovaquia",
            "target:Guatemala",
            "target:Belgium",
            "target:Montenegro",
            "target:Malaysia",
            "target:Poland",
            "target:Egypt",
            "target:EE.UU.",
            "target:Trinidad y Tobago",
            "target:Afganist\u00e1n",
            "target:Georgia",
            "target:Nigeria",
            "target:Saudi Arabia",
            "target:Brazil",
            "target:France",
            "target:Indonesia",
            "target:Chile",
            "target:Jamaica",
            "target:Hungary",
            "target:Portugal",
            "target:United Kingdom",
            "target:Peru",
            "target:Iran",
            "target:Turqu\u00eda",
            "target:Kazajist\u00e1n",
            "target:Bosnia y Herzegovina",
            "target:China",
            "target:Sri Lanka",
            "target:Croacia",
            "target:Germany",
            "target:Libia",
            "target:Mexico",
            "target:United Arab Emirates",
            "target:Argentina",
            "target:Global",
            "target:Netherlands",
            "target:Japan",
            "target:Bolivia",
            "target:Yibuti",
            "target:Vietnam",
            "target:Fiyi",
            "target:Cuba",
            "target:Camboya",
            "target:Taiw\u00e1n",
            "target:United States"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "fraevolquez",
            "id": "91700",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 6,
            "hostname": 48,
            "domain": 41
          },
          "indicator_count": 95,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 55,
          "modified_text": "411 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67733b72d522398f5ea0a12d",
          "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar",
          "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024",
          "modified": "2025-01-30T00:00:18.927000",
          "created": "2024-12-31T00:31:46.858000",
          "tags": [
            "cve201711882",
            "cve20201472"
          ],
          "references": [],
          "public": 1,
          "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "fraevolquez",
            "id": "91700",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 2631,
            "FileHash-SHA1": 2168,
            "FileHash-SHA256": 3401,
            "CVE": 25,
            "domain": 977,
            "hostname": 1226
          },
          "indicator_count": 10428,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "487 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "677337a16d3d2b051137f251",
          "name": "Mirage",
          "description": "Mirage es un grupo de ciberespionaje vinculado al Ej\u00e9rcito Popular de Liberaci\u00f3n de China, centrado en la recopilaci\u00f3n de inteligencia en sectores como aeroespacial y defensa. Utilizan malware personalizado, spear-phishing y ataques a sitios web para infiltrar organizaciones.",
          "modified": "2025-01-30T00:00:18.927000",
          "created": "2024-12-31T00:15:29.657000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "Mirage",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "fraevolquez",
            "id": "91700",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 399,
            "FileHash-SHA1": 367,
            "FileHash-SHA256": 379,
            "CVE": 6,
            "domain": 41,
            "hostname": 48
          },
          "indicator_count": 1240,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 58,
          "modified_text": "487 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a78eb69b21bf0d7aab38",
          "name": "Strictor CNC | APT37 | IP148.251.234.93 |  Anonymizer | Redline",
          "description": "",
          "modified": "2023-12-06T16:55:42.674000",
          "created": "2023-12-06T16:55:42.674000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 723,
            "hostname": 687,
            "FileHash-SHA256": 1519,
            "URL": 2751,
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1
          },
          "indicator_count": 5682,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6523ffa7cc16a18279f52256",
          "name": "IOCs  EvilBamboo Part.3",
          "description": "",
          "modified": "2023-11-08T00:02:03.611000",
          "created": "2023-10-09T13:27:03.327000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "almendra",
            "id": "229521",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 23,
            "FileHash-SHA256": 52,
            "FileHash-SHA1": 27,
            "FileHash-MD5": 27
          },
          "indicator_count": 129,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 34,
          "modified_text": "936 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65406318211eb8c95155b062",
          "name": "Strictor CNC | APT37 | IP148.251.234.93 | Anonymizer | RedlineStealer | BruteForce | ddos",
          "description": "",
          "modified": "2023-10-31T02:14:48.782000",
          "created": "2023-10-31T02:14:48.782000",
          "tags": [
            "generic malware",
            "hybridanalysis",
            "date filename",
            "blacklist sat",
            "sun jun",
            "file",
            "mon jun",
            "thu jun",
            "contacted",
            "ip lookup",
            "open",
            "open ports",
            "antivirus",
            "less see",
            "all av",
            "detection ratio",
            "ids detections",
            "http post",
            "strictor cnc",
            "005000",
            "002000000"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": "6518f9615a88e0f1e325bde4",
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 687,
            "domain": 723,
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 1519,
            "URL": 2751
          },
          "indicator_count": 5682,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 220,
          "modified_text": "944 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "653f057040b1f322c64402e0",
          "name": "Strictor CNC | APT37 | IP148.251.234.93 | Anonymizer | Redline",
          "description": "",
          "modified": "2023-10-31T02:00:24.579000",
          "created": "2023-10-30T01:22:56.776000",
          "tags": [
            "generic malware",
            "hybridanalysis",
            "date filename",
            "blacklist sat",
            "sun jun",
            "file",
            "mon jun",
            "thu jun",
            "contacted",
            "ip lookup",
            "open",
            "open ports",
            "antivirus",
            "less see",
            "all av",
            "detection ratio",
            "ids detections",
            "http post",
            "strictor cnc",
            "005000",
            "002000000"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": "6518f9615a88e0f1e325bde4",
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 687,
            "domain": 723,
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 1519,
            "URL": 2751
          },
          "indicator_count": 5682,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 221,
          "modified_text": "944 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6518f9615a88e0f1e325bde4",
          "name": "Strictor CNC | APT37 | IP148.251.234.93 |  Anonymizer | Redline",
          "description": "Mail Spammer, IMAP Attacker, HTTP Spammer, Bruteforce login attacker, HTTP Attacker, HTTP Spammer, Dropper.Trojan.Agent, DangerousSig [Trj], RedLineStealer, Proxy, FireHOL, Apt37, mitre-attack, https://attack.mitre.org/groups/G0067/, IP: 148.251.234.93,\n\n            \"tag\":\n [\"anonymization\",\n        \"apt\",\n        \"redlinestealer\",\n        \"malware\",\n        \"malware_download\",\n        \"apache\",\n        \"ddos\",\n        \"rfi\",\n        \"attacker\",\n        \"login\",\n        \"bruteforce\",\n        \"bot\",\n        \"joomla\",\n        \"wordpress\",\n        \"abuse\",\n        \"imap\",\n        \"pop3\",\n        \"sasl\",\n        \"mail\",\n        \"spam\",\n        \"anonymizer\"],  \n#discord #slack",
          "modified": "2023-10-31T02:00:24.579000",
          "created": "2023-10-01T04:45:21.492000",
          "tags": [
            "generic malware",
            "hybridanalysis",
            "date filename",
            "blacklist sat",
            "sun jun",
            "file",
            "mon jun",
            "thu jun",
            "contacted",
            "ip lookup",
            "open",
            "open ports",
            "antivirus",
            "less see",
            "all av",
            "detection ratio",
            "ids detections",
            "http post",
            "strictor cnc",
            "005000",
            "002000000"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 687,
            "domain": 723,
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 1519,
            "URL": 2751
          },
          "indicator_count": 5682,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 231,
          "modified_text": "944 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6511f81e4636aefc863f375d",
          "name": "EvilBamboo Spreads Mobile Malware",
          "description": "",
          "modified": "2023-10-25T21:02:00.378000",
          "created": "2023-09-25T21:14:06.423000",
          "tags": [],
          "references": [
            "September 26th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3301 - EvilBamboo Spreads Mobile Malware.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cryptocti",
            "id": "110256",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 27,
            "FileHash-SHA1": 27,
            "FileHash-SHA256": 213,
            "domain": 24
          },
          "indicator_count": 291,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 499,
          "modified_text": "949 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "64f086e52ca1eefaf9a2ef2b",
          "name": "BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps",
          "description": "ESET Research has identified two campaigns targeting Android users via trojanized Signal and Telegram apps and a malware family that has previously been used to target Uyghurs and other Turkic ethnic minorities.",
          "modified": "2023-09-30T12:01:18.504000",
          "created": "2023-08-31T12:26:13.331000",
          "tags": [
            "signal plus",
            "flygram",
            "badbazaar",
            "messenger",
            "signal",
            "figure",
            "google play",
            "c server",
            "samsung galaxy",
            "store",
            "android",
            "doubleagent",
            "april",
            "february",
            "june",
            "ukraine",
            "xslcmd",
            "silkbean",
            "carbonsteal",
            "goldeneagle",
            "code",
            "gref",
            "uyghur telegram",
            "os x"
          ],
          "references": [
            "https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/"
          ],
          "public": 1,
          "adversary": "GREF",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 18,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 1,
            "URL": 8,
            "domain": 2,
            "hostname": 10
          },
          "indicator_count": 28,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 864,
          "modified_text": "975 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "64ef64f0317a4728fc9f2fc9",
          "name": "Android Spyware Dubbed BadBazaar Targets Signal and Telegram Apps",
          "description": "",
          "modified": "2023-09-29T15:05:13.083000",
          "created": "2023-08-30T15:49:04.790000",
          "tags": [],
          "references": [
            "August 30th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3142 - Android Spyware Dubbed BadBazaar Targets Signal and Telegram Apps.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cryptocti",
            "id": "110256",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 5,
            "URL": 1,
            "domain": 2,
            "hostname": 11
          },
          "indicator_count": 19,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 499,
          "modified_text": "976 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "64f02674371b5493545793e0",
          "name": "Android Spyware Dubbed BadBazaar Targets Signal and Telegram Apps",
          "description": "",
          "modified": "2023-09-29T15:05:13.083000",
          "created": "2023-08-31T05:34:44.051000",
          "tags": [],
          "references": [
            "August 30th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3142 - Android Spyware Dubbed BadBazaar Targets Signal and Telegram Apps.pdf",
            "https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": "64ef64f0317a4728fc9f2fc9",
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "tr2222200",
            "id": "207905",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 5,
            "URL": 1,
            "domain": 2,
            "hostname": 11
          },
          "indicator_count": 19,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 187,
          "modified_text": "976 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "August 30th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3142 - Android Spyware Dubbed BadBazaar Targets Signal and Telegram Apps.pdf",
        "https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/",
        "September 26th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3301 - EvilBamboo Spreads Mobile Malware.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [
            "GREF"
          ],
          "malware_families": [
            "Os x",
            "Badbazaar",
            "Uyghur telegram",
            "Android",
            "Flygram",
            "Gref"
          ],
          "industries": []
        },
        "other": {
          "adversary": [
            "El Machete, TAG-100, Mirage, Unamed_Grooup",
            "GREF",
            "Mirage"
          ],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 18,
  "pulses": [
    {
      "id": "64f09f67430167a084c508ac",
      "name": "BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps",
      "description": "Research has identified two campaigns targeting Android users via trojanized Signal and Telegram apps and a malware family that has previously been used to target Uyghurs and other Turkic ethnic minorities.",
      "modified": "2023-10-03T14:04:17.862000",
      "created": "2023-08-31T14:10:46.581000",
      "tags": [
        "flygram",
        "badbazaar",
        "messenger",
        "c server",
        "android",
        "doubleagent",
        "ukraine",
        "xslcmd",
        "silkbean",
        "carbonsteal",
        "goldeneagle",
        "gref",
        "uyghur telegram",
        "os x"
      ],
      "references": [
        "https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/"
      ],
      "public": 1,
      "adversary": "GREF",
      "targeted_countries": [
        "China",
        "Australia",
        "Brazil",
        "Denmark",
        "Congo",
        "Germany",
        "Hong Kong",
        "Hungary",
        "Lithuania",
        "Netherlands",
        "Poland",
        "Portugal",
        "Singapore",
        "Spain",
        "Ukraine",
        "United States of America",
        "Yemen"
      ],
      "malware_families": [
        {
          "id": "FlyGram",
          "display_name": "FlyGram",
          "target": null
        },
        {
          "id": "Uyghur Telegram",
          "display_name": "Uyghur Telegram",
          "target": null
        },
        {
          "id": "OS X",
          "display_name": "OS X",
          "target": null
        },
        {
          "id": "GREF",
          "display_name": "GREF",
          "target": null
        },
        {
          "id": "Android",
          "display_name": "Android",
          "target": null
        },
        {
          "id": "BadBazaar",
          "display_name": "BadBazaar",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1418",
          "name": "Application Discovery",
          "display_name": "T1418 - Application Discovery"
        },
        {
          "id": "T1426",
          "name": "System Information Discovery",
          "display_name": "T1426 - System Information Discovery"
        },
        {
          "id": "T1430",
          "name": "Location Tracking",
          "display_name": "T1430 - Location Tracking"
        },
        {
          "id": "T1437",
          "name": "Standard Application Layer Protocol",
          "display_name": "T1437 - Standard Application Layer Protocol"
        },
        {
          "id": "T1509",
          "name": "Uncommonly Used Port",
          "display_name": "T1509 - Uncommonly Used Port"
        },
        {
          "id": "T1495",
          "name": "Firmware Corruption",
          "display_name": "T1495 - Firmware Corruption"
        },
        {
          "id": "T1134",
          "name": "Access Token Manipulation",
          "display_name": "T1134 - Access Token Manipulation"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1530",
          "name": "Data from Cloud Storage Object",
          "display_name": "T1530 - Data from Cloud Storage Object"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1422",
          "name": "System Network Configuration Discovery",
          "display_name": "T1422 - System Network Configuration Discovery"
        },
        {
          "id": "T1533",
          "name": "Data from Local System",
          "display_name": "T1533 - Data from Local System"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 371,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1,
        "FileHash-SHA1": 6,
        "FileHash-SHA256": 1,
        "domain": 2,
        "hostname": 9
      },
      "indicator_count": 19,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386696,
      "modified_text": "972 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68897aac34d205d5cfc55c74",
      "name": "Threat Actor Profile: Mirage",
      "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-07-30\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
      "modified": "2025-07-30T01:51:40.989000",
      "created": "2025-07-30T01:51:40.989000",
      "tags": [
        "threat_actor",
        "unknown",
        "target:Dominican Republic",
        "target:India 2",
        "target:Ghana",
        "target:Siria",
        "target:Venezuela",
        "target:India",
        "target:Switzerland",
        "target:El Salvador",
        "target:Italy",
        "target:Mali",
        "target:Colombia",
        "target:Pakistan",
        "target:Panama",
        "target:Barbados",
        "target:Bulgaria",
        "target:But\u00e1n",
        "target:Albania",
        "target:South Africa",
        "target:Uzbekist\u00e1n",
        "target:Chequia",
        "target:Ecuador",
        "target:Eslovaquia",
        "target:Guatemala",
        "target:Belgium",
        "target:Montenegro",
        "target:Malaysia",
        "target:Poland",
        "target:Egypt",
        "target:EE.UU.",
        "target:Trinidad y Tobago",
        "target:Afganist\u00e1n",
        "target:Georgia",
        "target:Nigeria",
        "target:Saudi Arabia",
        "target:Brazil",
        "target:France",
        "target:Indonesia",
        "target:Chile",
        "target:Jamaica",
        "target:Hungary",
        "target:Portugal",
        "target:United Kingdom",
        "target:Peru",
        "target:Iran",
        "target:Turqu\u00eda",
        "target:Kazajist\u00e1n",
        "target:Bosnia y Herzegovina",
        "target:China",
        "target:Sri Lanka",
        "target:Croacia",
        "target:Germany",
        "target:Libia",
        "target:Mexico",
        "target:United Arab Emirates",
        "target:Argentina",
        "target:Global",
        "target:Netherlands",
        "target:Japan",
        "target:Bolivia",
        "target:Yibuti",
        "target:Vietnam",
        "target:Fiyi",
        "target:Cuba",
        "target:Camboya",
        "target:Taiw\u00e1n",
        "target:United States"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 20,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "fraevolquez",
        "id": "91700",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "hostname": 48,
        "domain": 41
      },
      "indicator_count": 95,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 55,
      "modified_text": "306 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6851f4070f95e4f44c09efcf",
      "name": "Threat Actor Profile: Mirage",
      "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
      "modified": "2025-06-17T23:02:30.349000",
      "created": "2025-06-17T23:02:30.349000",
      "tags": [
        "threat_actor",
        "unknown",
        "target:Dominican Republic",
        "target:India 2",
        "target:Ghana",
        "target:Siria",
        "target:Venezuela",
        "target:India",
        "target:Switzerland",
        "target:El Salvador",
        "target:Italy",
        "target:Mali",
        "target:Colombia",
        "target:Pakistan",
        "target:Panama",
        "target:Barbados",
        "target:Bulgaria",
        "target:But\u00e1n",
        "target:Albania",
        "target:South Africa",
        "target:Uzbekist\u00e1n",
        "target:Chequia",
        "target:Ecuador",
        "target:Eslovaquia",
        "target:Guatemala",
        "target:Belgium",
        "target:Montenegro",
        "target:Malaysia",
        "target:Poland",
        "target:Egypt",
        "target:EE.UU.",
        "target:Trinidad y Tobago",
        "target:Afganist\u00e1n",
        "target:Georgia",
        "target:Nigeria",
        "target:Saudi Arabia",
        "target:Brazil",
        "target:France",
        "target:Indonesia",
        "target:Chile",
        "target:Jamaica",
        "target:Hungary",
        "target:Portugal",
        "target:United Kingdom",
        "target:Peru",
        "target:Iran",
        "target:Turqu\u00eda",
        "target:Kazajist\u00e1n",
        "target:Bosnia y Herzegovina",
        "target:China",
        "target:Sri Lanka",
        "target:Croacia",
        "target:Germany",
        "target:Libia",
        "target:Mexico",
        "target:United Arab Emirates",
        "target:Argentina",
        "target:Global",
        "target:Netherlands",
        "target:Japan",
        "target:Bolivia",
        "target:Yibuti",
        "target:Vietnam",
        "target:Fiyi",
        "target:Cuba",
        "target:Camboya",
        "target:Taiw\u00e1n",
        "target:United States"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 20,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "fraevolquez",
        "id": "91700",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "hostname": 48,
        "domain": 41
      },
      "indicator_count": 95,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 56,
      "modified_text": "348 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "683df46be3b5f1ff932aa84a",
      "name": "Threat Actor Profile: Mirage",
      "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-02\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
      "modified": "2025-06-02T18:58:51.287000",
      "created": "2025-06-02T18:58:51.287000",
      "tags": [
        "threat_actor",
        "unknown",
        "target:Dominican Republic",
        "target:India 2",
        "target:Ghana",
        "target:Siria",
        "target:Venezuela",
        "target:India",
        "target:Switzerland",
        "target:El Salvador",
        "target:Italy",
        "target:Mali",
        "target:Colombia",
        "target:Pakistan",
        "target:Panama",
        "target:Barbados",
        "target:Bulgaria",
        "target:But\u00e1n",
        "target:Albania",
        "target:South Africa",
        "target:Uzbekist\u00e1n",
        "target:Chequia",
        "target:Ecuador",
        "target:Eslovaquia",
        "target:Guatemala",
        "target:Belgium",
        "target:Montenegro",
        "target:Malaysia",
        "target:Poland",
        "target:Egypt",
        "target:EE.UU.",
        "target:Trinidad y Tobago",
        "target:Afganist\u00e1n",
        "target:Georgia",
        "target:Nigeria",
        "target:Saudi Arabia",
        "target:Brazil",
        "target:France",
        "target:Indonesia",
        "target:Chile",
        "target:Jamaica",
        "target:Hungary",
        "target:Portugal",
        "target:United Kingdom",
        "target:Peru",
        "target:Iran",
        "target:Turqu\u00eda",
        "target:Kazajist\u00e1n",
        "target:Bosnia y Herzegovina",
        "target:China",
        "target:Sri Lanka",
        "target:Croacia",
        "target:Germany",
        "target:Libia",
        "target:Mexico",
        "target:United Arab Emirates",
        "target:Argentina",
        "target:Global",
        "target:Netherlands",
        "target:Japan",
        "target:Bolivia",
        "target:Yibuti",
        "target:Vietnam",
        "target:Fiyi",
        "target:Cuba",
        "target:Camboya",
        "target:Taiw\u00e1n",
        "target:United States"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "fraevolquez",
        "id": "91700",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "hostname": 48,
        "domain": 41
      },
      "indicator_count": 95,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 55,
      "modified_text": "363 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "681d16a9fdb8ff7bfe8db459",
      "name": "Threat Actor Profile: Mirage",
      "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-05-08\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
      "modified": "2025-05-08T20:40:09.409000",
      "created": "2025-05-08T20:40:09.409000",
      "tags": [
        "threat_actor",
        "unknown",
        "target:Dominican Republic",
        "target:India 2",
        "target:Ghana",
        "target:Siria",
        "target:Venezuela",
        "target:India",
        "target:Switzerland",
        "target:El Salvador",
        "target:Italy",
        "target:Mali",
        "target:Colombia",
        "target:Pakistan",
        "target:Panama",
        "target:Barbados",
        "target:Bulgaria",
        "target:But\u00e1n",
        "target:Albania",
        "target:South Africa",
        "target:Uzbekist\u00e1n",
        "target:Chequia",
        "target:Ecuador",
        "target:Eslovaquia",
        "target:Guatemala",
        "target:Belgium",
        "target:Montenegro",
        "target:Malaysia",
        "target:Poland",
        "target:Egypt",
        "target:EE.UU.",
        "target:Trinidad y Tobago",
        "target:Afganist\u00e1n",
        "target:Georgia",
        "target:Nigeria",
        "target:Saudi Arabia",
        "target:Brazil",
        "target:France",
        "target:Indonesia",
        "target:Chile",
        "target:Jamaica",
        "target:Hungary",
        "target:Portugal",
        "target:United Kingdom",
        "target:Peru",
        "target:Iran",
        "target:Turqu\u00eda",
        "target:Kazajist\u00e1n",
        "target:Bosnia y Herzegovina",
        "target:China",
        "target:Sri Lanka",
        "target:Croacia",
        "target:Germany",
        "target:Libia",
        "target:Mexico",
        "target:United Arab Emirates",
        "target:Argentina",
        "target:Global",
        "target:Netherlands",
        "target:Japan",
        "target:Bolivia",
        "target:Yibuti",
        "target:Vietnam",
        "target:Fiyi",
        "target:Cuba",
        "target:Camboya",
        "target:Taiw\u00e1n",
        "target:United States"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "fraevolquez",
        "id": "91700",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "hostname": 48,
        "domain": 41
      },
      "indicator_count": 95,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 55,
      "modified_text": "388 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "680190c45c13710c439a3db0",
      "name": "Threat Actor Profile: Mirage",
      "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
      "modified": "2025-04-17T23:37:40.060000",
      "created": "2025-04-17T23:37:40.060000",
      "tags": [
        "threat_actor",
        "unknown",
        "target:Dominican Republic",
        "target:India 2",
        "target:Ghana",
        "target:Siria",
        "target:Venezuela",
        "target:India",
        "target:Switzerland",
        "target:El Salvador",
        "target:Italy",
        "target:Mali",
        "target:Colombia",
        "target:Pakistan",
        "target:Panama",
        "target:Barbados",
        "target:Bulgaria",
        "target:But\u00e1n",
        "target:Albania",
        "target:South Africa",
        "target:Uzbekist\u00e1n",
        "target:Chequia",
        "target:Ecuador",
        "target:Eslovaquia",
        "target:Guatemala",
        "target:Belgium",
        "target:Montenegro",
        "target:Malaysia",
        "target:Poland",
        "target:Egypt",
        "target:EE.UU.",
        "target:Trinidad y Tobago",
        "target:Afganist\u00e1n",
        "target:Georgia",
        "target:Nigeria",
        "target:Saudi Arabia",
        "target:Brazil",
        "target:France",
        "target:Indonesia",
        "target:Chile",
        "target:Jamaica",
        "target:Hungary",
        "target:Portugal",
        "target:United Kingdom",
        "target:Peru",
        "target:Iran",
        "target:Turqu\u00eda",
        "target:Kazajist\u00e1n",
        "target:Bosnia y Herzegovina",
        "target:China",
        "target:Sri Lanka",
        "target:Croacia",
        "target:Germany",
        "target:Libia",
        "target:Mexico",
        "target:United Arab Emirates",
        "target:Argentina",
        "target:Global",
        "target:Netherlands",
        "target:Japan",
        "target:Bolivia",
        "target:Yibuti",
        "target:Vietnam",
        "target:Fiyi",
        "target:Cuba",
        "target:Camboya",
        "target:Taiw\u00e1n",
        "target:United States"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "fraevolquez",
        "id": "91700",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "hostname": 48,
        "domain": 41
      },
      "indicator_count": 95,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 55,
      "modified_text": "409 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67ff13e09a7b60d18a996220",
      "name": "Threat Actor Profile: Mirage",
      "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-16\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Techniques\n* T1497\n* T1114.002\n* T1114\n* T1001\n* T1094\n* ... y 204 m\u00e1s\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s",
      "modified": "2025-04-16T02:20:16.466000",
      "created": "2025-04-16T02:20:16.466000",
      "tags": [
        "threat_actor",
        "unknown",
        "T1497",
        "T1114.002",
        "T1114",
        "T1001",
        "T1094",
        "T1566.001",
        "T1068",
        "T1087.003",
        "T1111",
        "T1059.003",
        "T1053.002",
        "T1053.006",
        "TA0037",
        "T1014",
        "T1598.003",
        "T1602.002",
        "T1444",
        "T1081",
        "TA0004",
        "T1598.001",
        "T1598",
        "T1053.001",
        "T1574",
        "T1017",
        "T1602",
        "TA0002",
        "T1202",
        "T1194",
        "TA0005",
        "TA0011",
        "T1059.006",
        "T1031",
        "T1059",
        "T1055.004",
        "T1192",
        "T1574.006",
        "T1566.002",
        "T1156",
        "T1055.008",
        "T1056.003",
        "T1560",
        "T1053.007",
        "T1583.002",
        "T1055.001",
        "T1082",
        "T1027",
        "T1608.005",
        "T1071.001",
        "T1566",
        "T1038",
        "T1589",
        "T1041",
        "T1534",
        "T1105",
        "TA0009",
        "T1204.001",
        "T1155",
        "T1049",
        "T1001.003",
        "T1445",
        "T1056.001",
        "T1071.004",
        "T1608.001",
        "T1055.002",
        "T1210",
        "T1056",
        "T1450",
        "TA0006",
        "T1193",
        "T1055",
        "TA0043",
        "T1493",
        "TA0003",
        "TA0007",
        "T1491",
        "T1036",
        "T1036.004",
        "T1503",
        "T1114.001",
        "T1449",
        "T1566.003",
        "T1053",
        "T1110.002",
        "T1053.003",
        "T1459",
        "T1001.001",
        "T1598.002",
        "T1140",
        "T1059.007",
        "T1496",
        "TA0001",
        "T1088",
        "T1113",
        "T1071.003",
        "T1012",
        "T1046",
        "T1114.003",
        "T1129",
        "T1125",
        "T1071",
        "T1583.005_102",
        "106_T1056",
        "T1036.002",
        "T1112",
        "T1018",
        "T1021.002",
        "T1036.005",
        "T1547",
        "T1057",
        "T1008",
        "T1518",
        "T1170",
        "T1021",
        "T1011",
        "T1060",
        "T1539",
        "T1418",
        "T1614.001",
        "T1087.002",
        "T1021.001",
        "T1040",
        "T1020",
        "T1213",
        "T1069",
        "T1587",
        "T1533",
        "T1003.003",
        "T1003.004",
        "T1560.001",
        "T1548.002",
        "T1087",
        "T1069.002",
        "T1095",
        "T1426",
        "T1102",
        "T1201",
        "T1222",
        "T1070",
        "T1074",
        "T1033",
        "T1130",
        "T1569",
        "T1078.002",
        "T1552",
        "T1106",
        "T1190",
        "T1007",
        "T1495",
        "T1133",
        "T1090",
        "T1547.001",
        "T1588.002",
        "T1016",
        "T1422",
        "T1137",
        "T1588",
        "T1119",
        "T1437",
        "T1124",
        "T1569.002",
        "T1134",
        "T1005",
        "T1005.001",
        "T1003.002",
        "T1903",
        "T1059.001",
        "T1853",
        "T1115",
        "T1543.003",
        "T1430",
        "T1087.001",
        "T1587.001",
        "T1562.001",
        "T1543",
        "T1489",
        "T1078",
        "T1614",
        "T1509",
        "T1078.004",
        "T1083",
        "T1592.004",
        "T1558.001",
        "T1558",
        "T1530",
        "T1213.002",
        "T1047",
        "T1085",
        "T1003",
        "T1003.001",
        "T1120",
        "T1217",
        "T1074.001",
        "T1010",
        "T1218",
        "T1048",
        "T1553",
        "T1490",
        "T1497.003",
        "T1055.003",
        "T1571",
        "T11955",
        "T1204.002",
        "T1199",
        "T1204.",
        "T1595.002",
        "T1102.002",
        "T1583.003",
        "T1027.009",
        "T1027.013",
        "target:Dominican Republic",
        "target:India 2",
        "target:Ghana",
        "target:Siria",
        "target:Venezuela",
        "target:India",
        "target:Switzerland",
        "target:El Salvador",
        "target:Italy",
        "target:Mali",
        "target:Colombia",
        "target:Pakistan",
        "target:Panama",
        "target:Barbados",
        "target:Bulgaria",
        "target:But\u00e1n",
        "target:Albania",
        "target:South Africa",
        "target:Uzbekist\u00e1n",
        "target:Chequia",
        "target:Ecuador",
        "target:Eslovaquia",
        "target:Guatemala",
        "target:Belgium",
        "target:Montenegro",
        "target:Malaysia",
        "target:Poland",
        "target:Egypt",
        "target:EE.UU.",
        "target:Trinidad y Tobago",
        "target:Afganist\u00e1n",
        "target:Georgia",
        "target:Nigeria",
        "target:Saudi Arabia",
        "target:Brazil",
        "target:France",
        "target:Indonesia",
        "target:Chile",
        "target:Jamaica",
        "target:Hungary",
        "target:Portugal",
        "target:United Kingdom",
        "target:Peru",
        "target:Iran",
        "target:Turqu\u00eda",
        "target:Kazajist\u00e1n",
        "target:Bosnia y Herzegovina",
        "target:China",
        "target:Sri Lanka",
        "target:Croacia",
        "target:Germany",
        "target:Libia",
        "target:Mexico",
        "target:United Arab Emirates",
        "target:Argentina",
        "target:Global",
        "target:Netherlands",
        "target:Japan",
        "target:Bolivia",
        "target:Yibuti",
        "target:Vietnam",
        "target:Fiyi",
        "target:Cuba",
        "target:Camboya",
        "target:Taiw\u00e1n",
        "target:United States"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "fraevolquez",
        "id": "91700",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 6,
        "hostname": 48,
        "domain": 41
      },
      "indicator_count": 95,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 55,
      "modified_text": "411 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67733b72d522398f5ea0a12d",
      "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar",
      "description": "Indicadores de Compromiso Estudio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024",
      "modified": "2025-01-30T00:00:18.927000",
      "created": "2024-12-31T00:31:46.858000",
      "tags": [
        "cve201711882",
        "cve20201472"
      ],
      "references": [],
      "public": 1,
      "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "fraevolquez",
        "id": "91700",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 2631,
        "FileHash-SHA1": 2168,
        "FileHash-SHA256": 3401,
        "CVE": 25,
        "domain": 977,
        "hostname": 1226
      },
      "indicator_count": 10428,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 69,
      "modified_text": "487 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "677337a16d3d2b051137f251",
      "name": "Mirage",
      "description": "Mirage es un grupo de ciberespionaje vinculado al Ej\u00e9rcito Popular de Liberaci\u00f3n de China, centrado en la recopilaci\u00f3n de inteligencia en sectores como aeroespacial y defensa. Utilizan malware personalizado, spear-phishing y ataques a sitios web para infiltrar organizaciones.",
      "modified": "2025-01-30T00:00:18.927000",
      "created": "2024-12-31T00:15:29.657000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "Mirage",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "fraevolquez",
        "id": "91700",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 399,
        "FileHash-SHA1": 367,
        "FileHash-SHA256": 379,
        "CVE": 6,
        "domain": 41,
        "hostname": 48
      },
      "indicator_count": 1240,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 58,
      "modified_text": "487 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570a78eb69b21bf0d7aab38",
      "name": "Strictor CNC | APT37 | IP148.251.234.93 |  Anonymizer | Redline",
      "description": "",
      "modified": "2023-12-06T16:55:42.674000",
      "created": "2023-12-06T16:55:42.674000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 723,
        "hostname": 687,
        "FileHash-SHA256": 1519,
        "URL": 2751,
        "FileHash-MD5": 1,
        "FileHash-SHA1": 1
      },
      "indicator_count": 5682,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "flygram.org",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "flygram.org",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780327643.9172497
}