{
  "type": "Domain",
  "indicator": "gstatic-node.io",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/gstatic-node.io",
    "alexa": "http://www.alexa.com/siteinfo/gstatic-node.io",
    "indicator": "gstatic-node.io",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3710884382,
      "indicator": "gstatic-node.io",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 50,
      "pulses": [
        {
          "id": "64f7ff2fd0f04df7d66cbd8d",
          "name": "Win32.Lumma - Malware Domain Feed V2",
          "description": "Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.",
          "modified": "2026-05-31T02:35:08.356000",
          "created": "2023-09-06T04:25:19.708000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 316,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "otxrobottwo_testing",
            "id": "83138",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 615,
            "hostname": 5
          },
          "indicator_count": 620,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 596,
          "modified_text": "4 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "653e8484ba7c285929cb5e0d",
          "name": "CERT.PL list of malicious domains",
          "description": "See: https://cert.pl/en/warning-list/\n\n(archived version here: https://web.archive.org/web/20231029161224/https://cert.pl/en/posts/2020/03/malicious_domains/)",
          "modified": "2026-05-30T07:58:43.913000",
          "created": "2023-10-29T16:12:52.580000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Poland"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 169174,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "tomtomalien",
            "id": "258713",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 156498,
            "domain": 371707
          },
          "indicator_count": 528205,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 474,
          "modified_text": "23 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "650872ca8537ef361b8b1e3f",
          "name": "Win32.Lumma - Malware Domain Feed V2",
          "description": "Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.",
          "modified": "2026-05-28T18:45:11.519000",
          "created": "2023-09-18T15:54:50.501000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 185,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "otxrobottwo",
            "id": "78495",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 671,
            "hostname": 4
          },
          "indicator_count": 675,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1124,
          "modified_text": "2 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "691aeef2a25558205818f64e",
          "name": "Threat Intel Report - W46-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in the week.",
          "modified": "2025-12-17T09:03:34.142000",
          "created": "2025-11-17T09:46:26.166000",
          "tags": [
            "mozi",
            "clearfake",
            "coinminer",
            "ngioweb",
            "russia",
            "japan",
            "sha filename",
            "submitdate",
            "dateadded",
            "malware url",
            "cuba"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 118,
            "FileHash-MD5": 24,
            "FileHash-SHA1": 24,
            "FileHash-SHA256": 60,
            "domain": 33,
            "hostname": 42
          },
          "indicator_count": 301,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "164 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69118808413c56df7d4b6316",
          "name": "Threat Intel Report - W45-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.",
          "modified": "2025-12-10T06:00:37.951000",
          "created": "2025-11-10T06:36:56.237000",
          "tags": [
            "mozi",
            "clearfake",
            "coinminer",
            "amos clearfake",
            "cobaltstrike",
            "rondodox",
            "remcosrat",
            "clayrat",
            "mozi link",
            "smartapesg",
            "guloader",
            "ngioweb",
            "rhadamanthys",
            "hijackloader",
            "indonesia"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 90,
            "URL": 431,
            "FileHash-MD5": 41,
            "FileHash-SHA1": 41,
            "FileHash-SHA256": 80,
            "domain": 54
          },
          "indicator_count": 737,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "172 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69084caeba7b20bc8716053b",
          "name": "Threat Intel Report - W43-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.",
          "modified": "2025-12-03T06:04:08.165000",
          "created": "2025-11-03T06:33:18.782000",
          "tags": [
            "mozi",
            "clearfake",
            "microsoft",
            "grouped",
            "week",
            "iocs",
            "group",
            "compromise",
            "phaas",
            "windows",
            "cobaltstrike",
            "mozilla",
            "malware",
            "rozena",
            "coinminer",
            "tycoon",
            "telegram",
            "meta",
            "august",
            "lumma"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 97,
            "FileHash-MD5": 22,
            "FileHash-SHA1": 22,
            "FileHash-SHA256": 58,
            "URL": 275,
            "domain": 46
          },
          "indicator_count": 520,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "179 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69084bf6c1de7129c7438da6",
          "name": "Threat Intel Report - W41-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.",
          "modified": "2025-12-03T06:04:08.165000",
          "created": "2025-11-03T06:30:14.109000",
          "tags": [
            "clearfake",
            "mozi",
            "week",
            "microsoft",
            "cobaltstrike",
            "iocs",
            "grouped",
            "compromise",
            "phaas",
            "cvss",
            "malware",
            "date",
            "mexico",
            "ukraine",
            "telegram"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 92,
            "FileHash-MD5": 24,
            "FileHash-SHA1": 24,
            "FileHash-SHA256": 60,
            "URL": 326,
            "domain": 39
          },
          "indicator_count": 565,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "179 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "690849bd041ea4f9df398443",
          "name": "Threat Intel Report-W44-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in the week.",
          "modified": "2025-12-03T06:04:08.165000",
          "created": "2025-11-03T06:20:45.583000",
          "tags": [
            "mozi",
            "clearfake",
            "urls http",
            "hashes",
            "domains",
            "sha values",
            "file name",
            "submit date",
            "dateadded",
            "malware url"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 97,
            "URL": 242,
            "FileHash-MD5": 58,
            "FileHash-SHA1": 58,
            "FileHash-SHA256": 121,
            "domain": 68
          },
          "indicator_count": 644,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "179 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68f74aa2332bd64edabeb46e",
          "name": "Threat Intel Report - W42-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in the\nweek.",
          "modified": "2025-11-20T08:01:35.430000",
          "created": "2025-10-21T08:56:02.733000",
          "tags": [
            "mozi",
            "clearfake",
            "usa x86",
            "urls http",
            "hashes",
            "domains",
            "powerpc",
            "kongtuke",
            "sha values",
            "file name"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 92,
            "URL": 279,
            "FileHash-MD5": 69,
            "FileHash-SHA1": 69,
            "FileHash-SHA256": 121,
            "domain": 37
          },
          "indicator_count": 667,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "191 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68e3936b553600e1f137c25e",
          "name": "Threat Intel Report - W40-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.",
          "modified": "2025-11-05T09:04:58.886000",
          "created": "2025-10-06T10:01:13.772000",
          "tags": [
            "clearfake",
            "mozi",
            "coinminer",
            "bulgaria",
            "domains",
            "urls h",
            "sha values",
            "file name",
            "submit date",
            "remcos",
            "mexico"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 49,
            "FileHash-SHA1": 49,
            "FileHash-SHA256": 78,
            "URL": 272,
            "domain": 63,
            "hostname": 57
          },
          "indicator_count": 568,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "206 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68e392a8658de76276b6e810",
          "name": "Threat Intel Report - W39-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.",
          "modified": "2025-11-05T09:04:58.886000",
          "created": "2025-10-06T09:57:59.430000",
          "tags": [
            "mozi",
            "clearfake",
            "blackmoon",
            "domains",
            "urls h",
            "vidar link",
            "thailand",
            "sha values",
            "file name",
            "submit date",
            "stealc",
            "rhadamanthys",
            "hijackloader"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 57,
            "FileHash-SHA1": 57,
            "FileHash-SHA256": 81,
            "URL": 308,
            "domain": 60,
            "hostname": 55
          },
          "indicator_count": 618,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "206 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68d0f0ae15139cb948781072",
          "name": "Threat Intel Report - W38-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in the \nweek.",
          "modified": "2025-10-22T06:03:15.544000",
          "created": "2025-09-22T06:46:06.532000",
          "tags": [
            "mozi",
            "clearfake",
            "urls http",
            "united kingdom",
            "domains",
            "hashes",
            "sha values",
            "file name",
            "submit date",
            "dateadded",
            "ukraine"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://myip.ms/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 98,
            "URL": 284,
            "FileHash-MD5": 87,
            "FileHash-SHA1": 87,
            "FileHash-SHA256": 118,
            "domain": 45
          },
          "indicator_count": 719,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "221 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "680f59605f2cdb05ecfe52b7",
          "name": "Threat Intel Report - W14-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.",
          "modified": "2025-05-28T10:02:27.221000",
          "created": "2025-04-28T10:33:04.500000",
          "tags": [
            "mozi",
            "wsgidav",
            "grouped",
            "week",
            "group",
            "iocs",
            "turkey",
            "compromise",
            "asyncrat",
            "urls http",
            "clearfake",
            "ukraine",
            "amadey",
            "remcos",
            "malware",
            "date",
            "indonesia",
            "uruguay",
            "telegram",
            "enterprise",
            "mark"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 18,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 85,
            "URL": 159,
            "FileHash-MD5": 13,
            "FileHash-SHA1": 13,
            "FileHash-SHA256": 17,
            "domain": 59
          },
          "indicator_count": 346,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "367 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68340f42d5f7a341e8ad88e7",
          "name": "Lumma Stealer Shutdown: Global Takedown Disrupts Prolific Cybercrime Tool",
          "description": "A coordinated international operation led by Microsoft\u2019s Digital Crimes Unit (DCU), the U.S. Department of Justice (DOJ), Europol, and partners has dismantled the infrastructure of Lumma Stealer, a notorious Malware-as-a-Service (MaaS) platform linked to over 10 million infections and 1.7 million confirmed attacks globally. The action, announced in May 2025, resulted in the seizure of 2,300 malicious domains, sinkholing of traffic to Microsoft-controlled servers, and the suspension of Lumma\u2019s Telegram-based affiliate marketplace, crippling its ability to steal sensitive data like passwords, cryptocurrency wallets, and MFA tokens 311.\n\nLumma, developed by Russian threat actor \"Shamel,\" operated under a subscription model ($250\u2013$20,000) and was distributed via phishing campaigns, malvertising, and trojanized software. Its evasion tactics\u2014such as abuse of legitimate cloud services, encrypted C2 communications, and geofenced payloads\u2014made it a preferred tool for ransomware affiliates and credential harvesters.",
          "modified": "2025-05-26T06:50:42.505000",
          "created": "2025-05-26T06:50:42.505000",
          "tags": [
            "lummac2",
            "bitsight",
            "windows",
            "steam profile",
            "lummac2 iocs",
            "lumma stealer",
            "malware",
            "redline",
            "meta",
            "bitsight trace",
            "telegram",
            "steam",
            "service",
            "lumma"
          ],
          "references": [
            "https://www.bitsight.com/blog/lumma-stealer-is-out-of-business",
            "https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Bitsight",
              "display_name": "Bitsight",
              "target": null
            },
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "PetrP.73",
            "id": "154605",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 1135,
            "hostname": 3,
            "URL": 97
          },
          "indicator_count": 1235,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 539,
          "modified_text": "370 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67ef8df5d1dfcf2ce2fce716",
          "name": "Threat Intel Report - W13-2025",
          "description": "These are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-05-04T07:02:31.627000",
          "created": "2025-04-04T07:44:53.871000",
          "tags": [
            "mozi",
            "mozi link",
            "china",
            "russia",
            "microsoft",
            "windows",
            "week",
            "germany",
            "iocs",
            "clearfake",
            "indonesia",
            "remcos",
            "asyncrat",
            "sharepoint",
            "malware",
            "date",
            "mexico",
            "panama",
            "amadey",
            "infostealer",
            "sparrowdoor",
            "clop"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Infostealer",
              "display_name": "Infostealer",
              "target": null
            },
            {
              "id": "SparrowDoor",
              "display_name": "SparrowDoor",
              "target": null
            },
            {
              "id": "Clop",
              "display_name": "Clop",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1021",
              "name": "Remote Services",
              "display_name": "T1021 - Remote Services"
            }
          ],
          "industries": [
            "Cryptocurrency",
            "Healthcare"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 27,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 264,
            "FileHash-MD5": 12,
            "FileHash-SHA1": 12,
            "FileHash-SHA256": 18,
            "domain": 59,
            "hostname": 115
          },
          "indicator_count": 480,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "392 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67ef8d571324a271de986299",
          "name": "Threat Intel Report - W12-2025",
          "description": "These are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-05-04T07:02:31.627000",
          "created": "2025-04-04T07:42:15.839000",
          "tags": [
            "mozi",
            "bangladesh",
            "singapore",
            "cobaltstrike",
            "united kingdom",
            "mozi link",
            "germany",
            "france",
            "china",
            "turkey",
            "pink",
            "indonesia",
            "clearfake",
            "ukraine",
            "panama",
            "remcos",
            "asyncrat",
            "agent tesla",
            "malware",
            "date",
            "snakekeylogger",
            "masslogger",
            "mexico",
            "ransomhub"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "RansomHub",
              "display_name": "RansomHub",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1195",
              "name": "Supply Chain Compromise",
              "display_name": "T1195 - Supply Chain Compromise"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 207,
            "FileHash-MD5": 16,
            "FileHash-SHA1": 16,
            "FileHash-SHA256": 19,
            "CVE": 1,
            "domain": 43,
            "hostname": 180
          },
          "indicator_count": 482,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "392 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67ef8acdfe632a32bd164cbc",
          "name": "Threat Intel Report - W11-2025",
          "description": "These are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-05-04T07:02:31.627000",
          "created": "2025-04-04T07:31:25.772000",
          "tags": [
            "mozi",
            "germany",
            "india",
            "china",
            "grouped",
            "vietnam",
            "united kingdom",
            "singapore",
            "week",
            "group",
            "indonesia",
            "clearfake",
            "asyncrat",
            "stealc",
            "smartloader",
            "mexico",
            "remcos",
            "malware",
            "date",
            "belarus",
            "ukraine",
            "amadey",
            "lockbit",
            "linux",
            "superblack",
            "akira"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Linux",
              "display_name": "Linux",
              "target": null
            },
            {
              "id": "SuperBlack",
              "display_name": "SuperBlack",
              "target": null
            },
            {
              "id": "Akira",
              "display_name": "Akira",
              "target": null
            },
            {
              "id": "LockBit",
              "display_name": "LockBit",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 91,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 51,
            "FileHash-SHA256": 117,
            "domain": 62,
            "hostname": 114
          },
          "indicator_count": 486,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "392 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67ef8924699b118fe8775508",
          "name": "Threat Intel Report - W10-2025",
          "description": "These are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-05-04T07:02:31.627000",
          "created": "2025-04-04T07:24:20.314000",
          "tags": [
            "cisos",
            "mozi",
            "coinminer",
            "germany",
            "mozi link",
            "singapore",
            "brazil",
            "russia",
            "united kingdom",
            "grouped",
            "france",
            "dcrat",
            "sliver",
            "ukraine",
            "asyncrat",
            "agent tesla",
            "malware",
            "date",
            "clearfake",
            "indonesia",
            "mexico",
            "panama",
            "paraguay",
            "steam",
            "february",
            "service",
            "qilin",
            "akira"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Qilin",
              "display_name": "Qilin",
              "target": null
            },
            {
              "id": "Akira",
              "display_name": "Akira",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1123",
              "name": "Audio Capture",
              "display_name": "T1123 - Audio Capture"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            }
          ],
          "industries": [
            "Cryptocurrency",
            "Telecom",
            "Telecommunication"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 17,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 273,
            "FileHash-MD5": 12,
            "FileHash-SHA1": 12,
            "FileHash-SHA256": 16,
            "domain": 57,
            "hostname": 190
          },
          "indicator_count": 560,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "392 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67e9767e0a5e64e5daa035da",
          "name": "adriaenclaeys 2023",
          "description": "",
          "modified": "2025-04-29T16:04:50.877000",
          "created": "2025-03-30T16:51:10.033000",
          "tags": [],
          "references": [
            "https://www.virustotal.com/graph/gea284af15b0849038e5d44b0fb6cd14d8cc41a132a704c16bfcfacb0c834d322"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 88,
            "FileHash-MD5": 69,
            "FileHash-SHA1": 65,
            "FileHash-SHA256": 139,
            "domain": 18,
            "hostname": 10
          },
          "indicator_count": 389,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 182,
          "modified_text": "396 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67c6d94d3b0f65be3f6b60e1",
          "name": "Threat Intel Report - W07-2025",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools.",
          "modified": "2025-04-03T10:02:05.354000",
          "created": "2025-03-04T10:43:25.849000",
          "tags": [
            "mozi",
            "tech mahindra",
            "csrmirteam",
            "threat report",
            "south africa",
            "mozi lin",
            "germany",
            "greed mi",
            "greed mirai",
            "blacklist host",
            "indonesia",
            "asyncrat",
            "agent tesla",
            "police",
            "malware",
            "date",
            "jaff",
            "mylobot",
            "paraguay",
            "ukraine",
            "remcos",
            "february",
            "steam",
            "lumma",
            "finaldraft",
            "vidar",
            "ra world",
            "mirai"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Russian Federation",
            "China",
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            },
            {
              "id": "FinalDraft",
              "display_name": "FinalDraft",
              "target": null
            },
            {
              "id": "Vidar",
              "display_name": "Vidar",
              "target": null
            },
            {
              "id": "RA World",
              "display_name": "RA World",
              "target": null
            },
            {
              "id": "mirai",
              "display_name": "mirai",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            }
          ],
          "industries": [
            "Telecoms",
            "Cryptocurrency",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 189,
            "FileHash-MD5": 13,
            "FileHash-SHA1": 13,
            "FileHash-SHA256": 18,
            "CVE": 1,
            "domain": 52,
            "hostname": 123
          },
          "indicator_count": 409,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "422 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67c6da18dc4aee1789e6e055",
          "name": "Threat Intel Report - W08-2025",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools.",
          "modified": "2025-04-03T10:02:05.354000",
          "created": "2025-03-04T10:46:48.069000",
          "tags": [
            "mozi",
            "wsgidav",
            "mozi link",
            "week",
            "germany",
            "iocs",
            "compromise",
            "australia",
            "urls https",
            "microsoft",
            "asyncrat",
            "agent tesla",
            "remcos",
            "malware",
            "date",
            "indonesia",
            "mexico",
            "february"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1195",
              "name": "Supply Chain Compromise",
              "display_name": "T1195 - Supply Chain Compromise"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 94,
            "URL": 121,
            "FileHash-MD5": 14,
            "FileHash-SHA1": 14,
            "FileHash-SHA256": 15,
            "domain": 47
          },
          "indicator_count": 305,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "422 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67c6db8c356d3600c63bda5f",
          "name": "Threat Intel Report - W09-2025",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools.",
          "modified": "2025-04-03T10:02:05.354000",
          "created": "2025-03-04T10:53:00.339000",
          "tags": [
            "mozi",
            "singapore",
            "germany",
            "brazil",
            "france",
            "canada",
            "hong kong",
            "netherlands",
            "india",
            "week",
            "indonesia",
            "ukraine",
            "dcrat",
            "february",
            "lazarus",
            "asyncrat",
            "remcos",
            "malware",
            "date",
            "cobaltstrike",
            "clearfake",
            "panama",
            "mexico",
            "estonia",
            "steam",
            "close",
            "ransomware",
            "police",
            "android",
            "service",
            "friday",
            "pump",
            "grasscall",
            "vo1d"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Thailand",
            "Australia"
          ],
          "malware_families": [
            {
              "id": "GrassCall",
              "display_name": "GrassCall",
              "target": null
            },
            {
              "id": "Vo1d",
              "display_name": "Vo1d",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 265,
            "FileHash-MD5": 15,
            "FileHash-SHA1": 15,
            "FileHash-SHA256": 18,
            "CVE": 1,
            "domain": 50,
            "hostname": 132
          },
          "indicator_count": 496,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "422 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67a99b71fd0aa86f20bd1a6c",
          "name": "Threat Intel Report - W06-2025",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations for all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous basis through manual or automated tools.",
          "modified": "2025-03-12T06:02:35.492000",
          "created": "2025-02-10T06:23:45.527000",
          "tags": [
            "mozi",
            "germany",
            "brazil",
            "bulgaria",
            "argentina",
            "singapore",
            "ukraine",
            "morocco",
            "urls http",
            "indonesia",
            "mexico"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 45,
            "URL": 222,
            "FileHash-MD5": 6,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 18,
            "hostname": 130
          },
          "indicator_count": 427,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "445 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67a09c06e12adc2561464d8b",
          "name": "Threat Intel Report - W05-2025",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.",
          "modified": "2025-03-05T10:01:57.943000",
          "created": "2025-02-03T10:35:50.331000",
          "tags": [
            "mozi",
            "brazil",
            "mozi link",
            "germany",
            "ukraine",
            "singapore",
            "india",
            "australia",
            "russia",
            "mexico",
            "albania",
            "uruguay",
            "indonesia",
            "estonia",
            "panama"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 219,
            "FileHash-MD5": 5,
            "FileHash-SHA1": 5,
            "FileHash-SHA256": 18,
            "domain": 50,
            "hostname": 113
          },
          "indicator_count": 410,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "451 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "679b60be026390028046f224",
          "name": "Threat Intel Report - W04-2025",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-03-01T11:00:13.105000",
          "created": "2025-01-30T11:21:34.012000",
          "tags": [
            "mozi",
            "tech mahindra",
            "csrmirteam",
            "threat report",
            "germany",
            "singapore",
            "brazil",
            "blacklist host",
            "ip country",
            "latest spambot",
            "ukraine",
            "stealc",
            "indonesia",
            "asyncrat",
            "amadey",
            "malware",
            "paraguay",
            "xworm",
            "enterprise",
            "ransomware",
            "april",
            "android",
            "lumma",
            "change healthcare"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            },
            {
              "id": "Change Healthcare",
              "display_name": "Change Healthcare",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 80,
            "URL": 210,
            "FileHash-MD5": 13,
            "FileHash-SHA1": 13,
            "FileHash-SHA256": 17,
            "hostname": 78
          },
          "indicator_count": 411,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "455 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "679b60138d4b0b4c394a6d8e",
          "name": "Threat Intel Report - W03-2025",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-03-01T11:00:13.105000",
          "created": "2025-01-30T11:18:43.667000",
          "tags": [
            "mozi",
            "tech mahindra",
            "csrmirteam",
            "threat report",
            "mozi link",
            "singapore",
            "vanuatu",
            "germany",
            "brazil",
            "dateadded",
            "indonesia",
            "ukraine",
            "dcrat",
            "asyncrat",
            "malware",
            "date",
            "mexico",
            "sality",
            "steam",
            "general",
            "lumma"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1068",
              "name": "Exploitation for Privilege Escalation",
              "display_name": "T1068 - Exploitation for Privilege Escalation"
            }
          ],
          "industries": [
            "Cryptocurrency",
            "Government",
            "Diplomacy",
            "Defense"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 27,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 80,
            "hostname": 85,
            "URL": 202,
            "CVE": 1,
            "FileHash-MD5": 12,
            "FileHash-SHA1": 12,
            "FileHash-SHA256": 13
          },
          "indicator_count": 405,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "455 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "679b5efa5d923a359b46f95b",
          "name": "Threat Intel Report - W02-2025",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-03-01T11:00:13.105000",
          "created": "2025-01-30T11:14:02.450000",
          "tags": [
            "tech mahindra",
            "csrmirteam",
            "threat report",
            "cobaltstrike",
            "united kingdom",
            "brazil",
            "germany",
            "blacklist host",
            "ip country",
            "latest spambot",
            "coinminer",
            "cobalt strike",
            "indonesia",
            "ukraine",
            "agent tesla",
            "rats",
            "asyncrat",
            "proton",
            "malware",
            "date",
            "sliver",
            "privateloader",
            "cridex",
            "meduza stealer",
            "sagecrypt",
            "redlinestealer",
            "quasarrat",
            "xmrig",
            "calendar",
            "designer",
            "silk typhoon",
            "lumma"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "Silk Typhoon",
          "targeted_countries": [
            "United States of America",
            "Japan"
          ],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 43,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 61,
            "URL": 134,
            "FileHash-MD5": 16,
            "FileHash-SHA1": 16,
            "FileHash-SHA256": 17,
            "CVE": 1,
            "hostname": 122
          },
          "indicator_count": 367,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "455 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "679b5dfdefa11d18f84b2acd",
          "name": "Threat Intel Report - W01-2025",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.",
          "modified": "2025-03-01T10:02:53.494000",
          "created": "2025-01-30T11:09:49.734000",
          "tags": [
            "mozi",
            "tech mahindra",
            "csrmirteam",
            "threat report",
            "netherland",
            "mozi link",
            "blacklist host",
            "ip country",
            "latest spambot",
            "visit",
            "dcrat",
            "uruguay",
            "asyncrat",
            "space bears",
            "malware",
            "date",
            "xworm",
            "sality",
            "steam",
            "lumma",
            "hardhat"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            },
            {
              "id": "Hardhat",
              "display_name": "Hardhat",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 28,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 74,
            "hostname": 83,
            "URL": 165,
            "FileHash-MD5": 14,
            "FileHash-SHA1": 14,
            "FileHash-SHA256": 14
          },
          "indicator_count": 364,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "455 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6774e8cbdfa56e26aa4b1c00",
          "name": "Threat Intel Report - W53-2024",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\n\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-01-31T07:03:15.087000",
          "created": "2025-01-01T07:03:39.539000",
          "tags": [
            "mozi",
            "brazil",
            "germany",
            "kazakstan",
            "singapore",
            "week",
            "russia",
            "iocs",
            "australia",
            "france",
            "ukraine",
            "indonesia",
            "stealc",
            "malware",
            "mexico",
            "cryptbot",
            "amadey",
            "date",
            "belarus",
            "uruguay",
            "apache",
            "lumma",
            "contagious interview",
            "mirai"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            },
            {
              "id": "Contagious Interview",
              "display_name": "Contagious Interview",
              "target": null
            },
            {
              "id": "Mirai",
              "display_name": "Mirai",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 24,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 81,
            "URL": 230,
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 15,
            "CVE": 1,
            "domain": 105
          },
          "indicator_count": 450,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "485 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6774e689893fa87d47d8b351",
          "name": "Threat Intel Report - W50-2024",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\n\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-01-31T06:04:58.629000",
          "created": "2025-01-01T06:54:01.111000",
          "tags": [
            "mozi",
            "mintsloader",
            "germany",
            "brazil",
            "india",
            "russia",
            "week",
            "australia",
            "united kingdom",
            "iocs",
            "indonesia",
            "stealc",
            "police",
            "asyncrat",
            "agent tesla",
            "april",
            "matrix",
            "malware",
            "date",
            "redlinestealer",
            "mexico",
            "august",
            "service",
            "turla",
            "exploit"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 23,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 100,
            "URL": 184,
            "FileHash-MD5": 13,
            "FileHash-SHA1": 13,
            "FileHash-SHA256": 16,
            "domain": 47
          },
          "indicator_count": 373,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "485 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6774e534fe316d0fa0097cc1",
          "name": "Threat Intel Report - W49-2024",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\n\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-01-31T06:04:58.629000",
          "created": "2025-01-01T06:48:20.173000",
          "tags": [
            "mozi",
            "hong kong",
            "germany",
            "mozi link",
            "brazil",
            "bulgaria",
            "microsoft",
            "united kingdom",
            "week",
            "russia",
            "indonesia",
            "stealc",
            "asyncrat",
            "agent tesla",
            "malware",
            "date",
            "mexico",
            "ukraine",
            "panama"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 99,
            "URL": 208,
            "FileHash-MD5": 16,
            "FileHash-SHA1": 16,
            "FileHash-SHA256": 21,
            "domain": 58
          },
          "indicator_count": 418,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "485 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6774e7765d719c949d7d9be1",
          "name": "Threat Intel Report - W51-2024",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\n\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-01-31T06:04:58.629000",
          "created": "2025-01-01T06:57:58.991000",
          "tags": [
            "mozi",
            "mintsloader",
            "germany",
            "brazil",
            "india",
            "week",
            "russia",
            "australia",
            "cisa",
            "iocs",
            "indonesia",
            "stealc",
            "asyncrat",
            "amadey",
            "winnti",
            "facebook",
            "malware",
            "date",
            "redlinestealer",
            "mexico",
            "android",
            "gamaredon",
            "police",
            "ukraine",
            "turla",
            "april"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 28,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 76,
            "hostname": 79,
            "URL": 196,
            "FileHash-MD5": 13,
            "FileHash-SHA1": 13,
            "FileHash-SHA256": 16
          },
          "indicator_count": 393,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "485 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6774e823196d078c848ed0e7",
          "name": "Threat Intel Report - W52-2024",
          "description": "This is a cyber-advisory document presenting compiled cyber threat intelligence sourced from various channels and tools.\n\nThese are weekly recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against the threats and attacks newly identified this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\n\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2025-01-31T06:04:58.629000",
          "created": "2025-01-01T07:00:51.580000",
          "tags": [
            "mozi",
            "germany",
            "united kingdom",
            "asyncrat link",
            "russia",
            "brazil",
            "quakbot",
            "singapore",
            "week",
            "asyncrat",
            "ukraine",
            "mexico",
            "indonesia",
            "emmenhtal",
            "amadey",
            "play ransomware",
            "malware",
            "date",
            "paraguay",
            "slovakia",
            "first",
            "cryptbot",
            "lumma stealer",
            "alliance",
            "june",
            "android",
            "powershell"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://urlhaus.abuse.ch/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 20,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 70,
            "hostname": 92,
            "URL": 223,
            "CVE": 1,
            "FileHash-MD5": 12,
            "FileHash-SHA1": 12,
            "FileHash-SHA256": 16
          },
          "indicator_count": 426,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "485 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d53b0f31efff1bec62e2e",
          "name": "Threat Intel Report - W48-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T06:03:42.757000",
          "created": "2024-12-02T06:29:04.813000",
          "tags": [
            "mozi",
            "brazil",
            "china",
            "russia",
            "germany",
            "bulgaria",
            "mozi link",
            "turkey",
            "singapore",
            "indonesia",
            "stealc",
            "amadey",
            "redline stealer",
            "asyncrat",
            "panama"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 80,
            "URL": 294,
            "FileHash-MD5": 10,
            "FileHash-SHA1": 10,
            "FileHash-SHA256": 18,
            "hostname": 81
          },
          "indicator_count": 493,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d53ae41d19c97b51f1686",
          "name": "Threat Intel Report - W48-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T06:03:42.757000",
          "created": "2024-12-02T06:29:02.547000",
          "tags": [
            "mozi",
            "brazil",
            "china",
            "russia",
            "germany",
            "bulgaria",
            "mozi link",
            "turkey",
            "singapore",
            "indonesia",
            "stealc",
            "amadey",
            "redline stealer",
            "asyncrat",
            "panama"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 80,
            "URL": 294,
            "FileHash-MD5": 10,
            "FileHash-SHA1": 10,
            "FileHash-SHA256": 18,
            "hostname": 81
          },
          "indicator_count": 493,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d50448f6f04ef4cc74a57",
          "name": "Threat Intel Report - W47-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T06:03:42.757000",
          "created": "2024-12-02T06:14:28.195000",
          "tags": [
            "mozi",
            "webserverpirata",
            "russia",
            "germany",
            "china",
            "singapore",
            "brazil",
            "bulgaria",
            "kazakstan",
            "turkey",
            "ukraine",
            "stealc",
            "indonesia",
            "redline stealer",
            "amadey",
            "panama",
            "belarus"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 79,
            "URL": 272,
            "FileHash-MD5": 6,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 17,
            "hostname": 79
          },
          "indicator_count": 459,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d50425beacf9d86af6693",
          "name": "Threat Intel Report - W47-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T06:03:42.757000",
          "created": "2024-12-02T06:14:26.675000",
          "tags": [
            "mozi",
            "webserverpirata",
            "russia",
            "germany",
            "china",
            "singapore",
            "brazil",
            "bulgaria",
            "kazakstan",
            "turkey",
            "ukraine",
            "stealc",
            "indonesia",
            "redline stealer",
            "amadey",
            "panama",
            "belarus"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 79,
            "URL": 272,
            "FileHash-MD5": 6,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 17,
            "hostname": 79
          },
          "indicator_count": 459,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d504143037071ca7eb72f",
          "name": "Threat Intel Report - W47-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T06:03:42.757000",
          "created": "2024-12-02T06:14:25.315000",
          "tags": [
            "mozi",
            "webserverpirata",
            "russia",
            "germany",
            "china",
            "singapore",
            "brazil",
            "bulgaria",
            "kazakstan",
            "turkey",
            "ukraine",
            "stealc",
            "indonesia",
            "redline stealer",
            "amadey",
            "panama",
            "belarus"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 79,
            "URL": 272,
            "FileHash-MD5": 6,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 17,
            "hostname": 79
          },
          "indicator_count": 459,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d4e49476e15975506f4b7",
          "name": "Threat Intel Report - W46-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T06:03:42.757000",
          "created": "2024-12-02T06:06:01.770000",
          "tags": [
            "mozi",
            "germany",
            "brazil",
            "stealc",
            "morocco",
            "week",
            "india",
            "singapore",
            "russia",
            "urls http",
            "ukraine",
            "indonesia",
            "redline stealer",
            "amadey",
            "asyncrat",
            "malicious",
            "loki"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 81,
            "URL": 175,
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 18,
            "hostname": 55
          },
          "indicator_count": 347,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d4e486054ecf5b3e78770",
          "name": "Threat Intel Report - W46-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T06:03:42.757000",
          "created": "2024-12-02T06:06:00.800000",
          "tags": [
            "mozi",
            "germany",
            "brazil",
            "stealc",
            "morocco",
            "week",
            "india",
            "singapore",
            "russia",
            "urls http",
            "ukraine",
            "indonesia",
            "redline stealer",
            "amadey",
            "asyncrat",
            "malicious",
            "loki"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 15,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 81,
            "URL": 175,
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 18,
            "hostname": 55
          },
          "indicator_count": 347,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d4e36c2adc22153aea64f",
          "name": "Threat Intel Report - W46-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T06:03:42.757000",
          "created": "2024-12-02T06:05:42.255000",
          "tags": [
            "mozi",
            "germany",
            "brazil",
            "stealc",
            "morocco",
            "week",
            "india",
            "singapore",
            "russia",
            "urls http",
            "ukraine",
            "indonesia",
            "redline stealer",
            "amadey",
            "asyncrat",
            "malicious",
            "loki"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 81,
            "URL": 175,
            "FileHash-MD5": 9,
            "FileHash-SHA1": 9,
            "FileHash-SHA256": 18,
            "hostname": 55
          },
          "indicator_count": 347,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "674d4a2d83d2e6fb4374b6bc",
          "name": "Threat Intel Report - W45-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-01-01T05:05:20.038000",
          "created": "2024-12-02T05:48:29.199000",
          "tags": [
            "mozi",
            "germany",
            "mozi link",
            "brazil",
            "india",
            "ukraine",
            "russia",
            "week",
            "singapore",
            "sweden",
            "stealc",
            "asyncrat",
            "amadey",
            "belarus",
            "armenia",
            "mexico",
            "indonesia"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 12,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 195,
            "domain": 78,
            "FileHash-MD5": 12,
            "FileHash-SHA1": 12,
            "FileHash-SHA256": 18,
            "hostname": 72
          },
          "indicator_count": 387,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "515 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "676c6a9534b2c6b35936ae5f",
          "name": "Phishing Army Blocklist Extended",
          "description": "",
          "modified": "2024-12-25T20:27:00.473000",
          "created": "2024-12-25T20:27:00.473000",
          "tags": [],
          "references": [
            "https://phishing.army/download/phishing_army_blocklist_extended.txt"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 22,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 6491,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 1,
            "URL": 3,
            "domain": 132719,
            "hostname": 128543
          },
          "indicator_count": 267758,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 207,
          "modified_text": "521 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6731fee193f842ba0043a880",
          "name": "Threat Intel Report - W44-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-12-11T12:00:09.101000",
          "created": "2024-11-11T12:56:01.048000",
          "tags": [
            "mozi",
            "cobaltstrike",
            "germany",
            "mozi link",
            "brazil",
            "russia",
            "singapore",
            "week",
            "india",
            "france",
            "mexico",
            "indonesia",
            "stealc",
            "panama",
            "asyncrat",
            "remcos",
            "slovakia",
            "armenia"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 36,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 94,
            "URL": 234,
            "FileHash-MD5": 8,
            "FileHash-SHA1": 8,
            "FileHash-SHA256": 15,
            "domain": 59
          },
          "indicator_count": 418,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 114,
          "modified_text": "535 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6718d3f1b2d95f85c40b2233",
          "name": "Threat Intel Report - W42-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-11-22T10:00:39.242000",
          "created": "2024-10-23T10:46:09.554000",
          "tags": [
            "mozi",
            "mozi link",
            "brazil",
            "germany",
            "singapore",
            "panama",
            "china",
            "france",
            "week",
            "turkey",
            "indonesia",
            "stealc",
            "asyncrat",
            "remcos",
            "coinminer",
            "ukraine",
            "amadey"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 27,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 46,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 117,
            "URL": 202,
            "domain": 52,
            "hostname": 75
          },
          "indicator_count": 538,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "554 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6718d5365b2f8eed9f8fa754",
          "name": "Threat Intel Report - W43-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2024-11-22T10:00:39.242000",
          "created": "2024-10-23T10:51:34.212000",
          "tags": [
            "mozi",
            "mozi link",
            "brazil",
            "germany",
            "singapore",
            "panama",
            "china",
            "france",
            "week",
            "turkey",
            "indonesia",
            "stealc",
            "asyncrat",
            "remcos",
            "coinminer",
            "ukraine",
            "amadey"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 27,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 46,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 117,
            "URL": 202,
            "domain": 52,
            "hostname": 75
          },
          "indicator_count": 538,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "554 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6718d3efafe0408a73fde2b6",
          "name": "Threat Intel Report - W42-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2024-11-22T10:00:39.242000",
          "created": "2024-10-23T10:46:07.116000",
          "tags": [
            "mozi",
            "mozi link",
            "brazil",
            "germany",
            "singapore",
            "panama",
            "china",
            "france",
            "week",
            "turkey",
            "indonesia",
            "stealc",
            "asyncrat",
            "remcos",
            "coinminer",
            "ukraine",
            "amadey"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 46,
            "FileHash-SHA1": 46,
            "FileHash-SHA256": 117,
            "URL": 202,
            "domain": 52,
            "hostname": 75
          },
          "indicator_count": 538,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "554 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6704e7d78016644a9ee5d819",
          "name": "Threat Intel Report - W41-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2024-11-07T08:04:23.880000",
          "created": "2024-10-08T08:05:43.471000",
          "tags": [
            "mozi",
            "germany",
            "singapore",
            "stealc",
            "mozi link",
            "poland",
            "bulgaria",
            "france",
            "china",
            "australia",
            "vidar",
            "redlinestealer",
            "indonesia",
            "panama",
            "smoke loader",
            "asyncrat",
            "remcos"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 38,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 63,
            "URL": 151,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 50,
            "FileHash-SHA256": 114,
            "hostname": 75
          },
          "indicator_count": 504,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 108,
          "modified_text": "569 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6704e62eec379dc49bae763d",
          "name": "Threat Intel Report - W40-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2024-11-07T07:01:53.033000",
          "created": "2024-10-08T07:58:38.506000",
          "tags": [
            "mozi",
            "week",
            "dateadded",
            "malware url",
            "tags",
            "asyncrat",
            "russia",
            "stealc",
            "germany",
            "turkey",
            "cobalt strike",
            "blackmoon",
            "coinminer",
            "lumma"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 30,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 59,
            "URL": 107,
            "FileHash-MD5": 56,
            "FileHash-SHA1": 56,
            "FileHash-SHA256": 118,
            "hostname": 52
          },
          "indicator_count": 448,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "570 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6704e4534b15d5e0c9d42fc3",
          "name": "Threat Intel Report - W39-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against the latest cyber trends.",
          "modified": "2024-11-07T07:01:53.033000",
          "created": "2024-10-08T07:50:43.261000",
          "tags": [
            "mozi",
            "netsupportrat",
            "germany",
            "mozi link",
            "united kingdom",
            "ukraine",
            "brazil",
            "week",
            "kmsauto",
            "russia",
            "stealc",
            "asyncrat",
            "malicious",
            "janelarat",
            "indonesia",
            "dbatloader",
            "warzonerat",
            "formbook",
            "lumma"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 35,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 75,
            "URL": 149,
            "hostname": 91,
            "FileHash-MD5": 49,
            "FileHash-SHA1": 49,
            "FileHash-SHA256": 117
          },
          "indicator_count": 530,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "570 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://phishing.army/download/phishing_army_blocklist_extended.txt",
        "https://urlhaus.abuse.ch/",
        "https://myip.ms/",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://www.virustotal.com/graph/gea284af15b0849038e5d44b0fb6cd14d8cc41a132a704c16bfcfacb0c834d322",
        "https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv",
        "https://any.run/malware-trends/",
        "https://www.bitsight.com/blog/lumma-stealer-is-out-of-business"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Silk Typhoon"
          ],
          "malware_families": [
            "Sparrowdoor",
            "Contagious interview",
            "Ransomhub",
            "Linux",
            "Mirai",
            "Akira",
            "Vo1d",
            "Qilin",
            "Bitsight",
            "Infostealer",
            "Clop",
            "Hardhat",
            "Superblack",
            "Lumma",
            "Grasscall",
            "Ra world",
            "Finaldraft",
            "Change healthcare",
            "Vidar",
            "Lockbit"
          ],
          "industries": [
            "Telecommunications",
            "Telecommunication",
            "Government",
            "Healthcare",
            "Telecoms",
            "Cryptocurrency",
            "Telecom",
            "Defense",
            "Diplomacy"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 50,
  "pulses": [
    {
      "id": "64f7ff2fd0f04df7d66cbd8d",
      "name": "Win32.Lumma - Malware Domain Feed V2",
      "description": "Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.",
      "modified": "2026-05-31T02:35:08.356000",
      "created": "2023-09-06T04:25:19.708000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 316,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "otxrobottwo_testing",
        "id": "83138",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 615,
        "hostname": 5
      },
      "indicator_count": 620,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 596,
      "modified_text": "4 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "653e8484ba7c285929cb5e0d",
      "name": "CERT.PL list of malicious domains",
      "description": "See: https://cert.pl/en/warning-list/\n\n(archived version here: https://web.archive.org/web/20231029161224/https://cert.pl/en/posts/2020/03/malicious_domains/)",
      "modified": "2026-05-30T07:58:43.913000",
      "created": "2023-10-29T16:12:52.580000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Poland"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 169174,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "tomtomalien",
        "id": "258713",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 156498,
        "domain": 371707
      },
      "indicator_count": 528205,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 474,
      "modified_text": "23 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "650872ca8537ef361b8b1e3f",
      "name": "Win32.Lumma - Malware Domain Feed V2",
      "description": "Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.",
      "modified": "2026-05-28T18:45:11.519000",
      "created": "2023-09-18T15:54:50.501000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 185,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "otxrobottwo",
        "id": "78495",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 671,
        "hostname": 4
      },
      "indicator_count": 675,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1124,
      "modified_text": "2 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "691aeef2a25558205818f64e",
      "name": "Threat Intel Report - W46-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in the week.",
      "modified": "2025-12-17T09:03:34.142000",
      "created": "2025-11-17T09:46:26.166000",
      "tags": [
        "mozi",
        "clearfake",
        "coinminer",
        "ngioweb",
        "russia",
        "japan",
        "sha filename",
        "submitdate",
        "dateadded",
        "malware url",
        "cuba"
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 118,
        "FileHash-MD5": 24,
        "FileHash-SHA1": 24,
        "FileHash-SHA256": 60,
        "domain": 33,
        "hostname": 42
      },
      "indicator_count": 301,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "164 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69118808413c56df7d4b6316",
      "name": "Threat Intel Report - W45-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.",
      "modified": "2025-12-10T06:00:37.951000",
      "created": "2025-11-10T06:36:56.237000",
      "tags": [
        "mozi",
        "clearfake",
        "coinminer",
        "amos clearfake",
        "cobaltstrike",
        "rondodox",
        "remcosrat",
        "clayrat",
        "mozi link",
        "smartapesg",
        "guloader",
        "ngioweb",
        "rhadamanthys",
        "hijackloader",
        "indonesia"
      ],
      "references": [
        "https://any.run/malware-trends/",
        "https://urlhaus.abuse.ch/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 20,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 90,
        "URL": 431,
        "FileHash-MD5": 41,
        "FileHash-SHA1": 41,
        "FileHash-SHA256": 80,
        "domain": 54
      },
      "indicator_count": 737,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 108,
      "modified_text": "172 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69084caeba7b20bc8716053b",
      "name": "Threat Intel Report - W43-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.",
      "modified": "2025-12-03T06:04:08.165000",
      "created": "2025-11-03T06:33:18.782000",
      "tags": [
        "mozi",
        "clearfake",
        "microsoft",
        "grouped",
        "week",
        "iocs",
        "group",
        "compromise",
        "phaas",
        "windows",
        "cobaltstrike",
        "mozilla",
        "malware",
        "rozena",
        "coinminer",
        "tycoon",
        "telegram",
        "meta",
        "august",
        "lumma"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Lumma",
          "display_name": "Lumma",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        }
      ],
      "industries": [
        "Cryptocurrency"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 12,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 97,
        "FileHash-MD5": 22,
        "FileHash-SHA1": 22,
        "FileHash-SHA256": 58,
        "URL": 275,
        "domain": 46
      },
      "indicator_count": 520,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 108,
      "modified_text": "179 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69084bf6c1de7129c7438da6",
      "name": "Threat Intel Report - W41-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.",
      "modified": "2025-12-03T06:04:08.165000",
      "created": "2025-11-03T06:30:14.109000",
      "tags": [
        "clearfake",
        "mozi",
        "week",
        "microsoft",
        "cobaltstrike",
        "iocs",
        "grouped",
        "compromise",
        "phaas",
        "cvss",
        "malware",
        "date",
        "mexico",
        "ukraine",
        "telegram"
      ],
      "references": [
        "https://any.run/malware-trends/",
        "https://urlhaus.abuse.ch/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1176",
          "name": "Browser Extensions",
          "display_name": "T1176 - Browser Extensions"
        }
      ],
      "industries": [
        "Cryptocurrency"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 12,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 92,
        "FileHash-MD5": 24,
        "FileHash-SHA1": 24,
        "FileHash-SHA256": 60,
        "URL": 326,
        "domain": 39
      },
      "indicator_count": 565,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 107,
      "modified_text": "179 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "690849bd041ea4f9df398443",
      "name": "Threat Intel Report-W44-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in the week.",
      "modified": "2025-12-03T06:04:08.165000",
      "created": "2025-11-03T06:20:45.583000",
      "tags": [
        "mozi",
        "clearfake",
        "urls http",
        "hashes",
        "domains",
        "sha values",
        "file name",
        "submit date",
        "dateadded",
        "malware url"
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 97,
        "URL": 242,
        "FileHash-MD5": 58,
        "FileHash-SHA1": 58,
        "FileHash-SHA256": 121,
        "domain": 68
      },
      "indicator_count": 644,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 108,
      "modified_text": "179 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68f74aa2332bd64edabeb46e",
      "name": "Threat Intel Report - W42-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in the week.",
      "modified": "2025-11-20T08:01:35.430000",
      "created": "2025-10-21T08:56:02.733000",
      "tags": [
        "mozi",
        "clearfake",
        "usa x86",
        "urls http",
        "hashes",
        "domains",
        "powerpc",
        "kongtuke",
        "sha values",
        "file name"
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 92,
        "URL": 279,
        "FileHash-MD5": 69,
        "FileHash-SHA1": 69,
        "FileHash-SHA256": 121,
        "domain": 37
      },
      "indicator_count": 667,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 108,
      "modified_text": "191 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68e3936b553600e1f137c25e",
      "name": "Threat Intel Report - W40-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks this week.\nSecurity is a continuous process, and it has to be reviewed and audited in a continuous manner through manual or automated tools.",
      "modified": "2025-11-05T09:04:58.886000",
      "created": "2025-10-06T10:01:13.772000",
      "tags": [
        "clearfake",
        "mozi",
        "coinminer",
        "bulgaria",
        "domains",
        "urls h",
        "sha values",
        "file name",
        "submit date",
        "remcos",
        "mexico"
      ],
      "references": [
        "https://any.run/malware-trends/",
        "https://urlhaus.abuse.ch/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 49,
        "FileHash-SHA1": 49,
        "FileHash-SHA256": 78,
        "URL": 272,
        "domain": 63,
        "hostname": 57
      },
      "indicator_count": 568,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 107,
      "modified_text": "206 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "gstatic-node.io",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "gstatic-node.io",
    "found": true,
    "verdict": "malicious",
    "url_count": 1,
    "online_count": 0,
    "blacklists": {
      "spamhaus_dbl": "not listed",
      "surbl": "not listed"
    },
    "urls": [
      {
        "url": "http://gstatic-node.io/c2conf",
        "status": "offline",
        "threat": "malware_download",
        "date_added": "2023-08-11",
        "tags": []
      }
    ],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780212473.2176404
}