{
  "type": "Domain",
  "indicator": "hostglobal.plus",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/hostglobal.plus",
    "alexa": "http://www.alexa.com/siteinfo/hostglobal.plus",
    "indicator": "hostglobal.plus",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3814220805,
      "indicator": "hostglobal.plus",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 12,
      "pulses": [
        {
          "id": "694723a207bfb79bb1d41b47",
          "name": "React2Shell (CVE-2025-55182): Dissecting a Node.js RCE Against a Production Next.js App",
          "description": "The investigation into the cyberattack targeting a production Next.js application identified the exploitation of a critical vulnerability, CVE-2025-55182 (React2Shell), which allows for remote code execution (RCE). An analysis of over 12,000 log entries demonstrated that attackers successfully executed commands on the server. The initial exploitation initiated through a malformed HTTP POST request containing a malicious React Server Component (RSC) Flight payload, abusing a deserialization flaw. This vulnerability, disclosed in December 2025 and rated CVSS 10.0, quickly garnered attention due to widespread active exploitation.",
          "modified": "2026-01-19T22:01:55.256000",
          "created": "2025-12-20T22:30:58.134000",
          "tags": [
            "cve202555182",
            "c2 server",
            "react2shell",
            "command",
            "http",
            "against",
            "iocs",
            "december",
            "http client",
            "host",
            "mirai",
            "download",
            "copy",
            "cobalt strike",
            "execution",
            "apache",
            "chaos",
            "metasploit",
            "hunt",
            "target",
            "attack",
            "open",
            "close",
            "possible",
            "dropper",
            "persistence",
            "malicious",
            "shell",
            "flight",
            "rsc flight",
            "nuts",
            "anivia"
          ],
          "references": [
            "https://hunt.io/blog/react2shell-cve-2025-55182-nextjs-nodejs-rce"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Slovenia"
          ],
          "malware_families": [
            {
              "id": "Flight",
              "display_name": "Flight",
              "target": null
            },
            {
              "id": "RSC Flight",
              "display_name": "RSC Flight",
              "target": null
            },
            {
              "id": "Nuts",
              "display_name": "Nuts",
              "target": null
            },
            {
              "id": "Anivia",
              "display_name": "Anivia",
              "target": null
            },
            {
              "id": "Cobalt Strike",
              "display_name": "Cobalt Strike",
              "target": null
            },
            {
              "id": "React2Shell",
              "display_name": "React2Shell",
              "target": null
            },
            {
              "id": "Persistence",
              "display_name": "Persistence",
              "target": null
            },
            {
              "id": "Mirai",
              "display_name": "Mirai",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1037",
              "name": "Boot or Logon Initialization Scripts",
              "display_name": "T1037 - Boot or Logon Initialization Scripts"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1190",
              "name": "Exploit Public-Facing Application",
              "display_name": "T1190 - Exploit Public-Facing Application"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1565",
              "name": "Data Manipulation",
              "display_name": "T1565 - Data Manipulation"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1222",
              "name": "File and Directory Permissions Modification",
              "display_name": "T1222 - File and Directory Permissions Modification"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1550",
              "name": "Use Alternate Authentication Material",
              "display_name": "T1550 - Use Alternate Authentication Material"
            },
            {
              "id": "T1049",
              "name": "System Network Connections Discovery",
              "display_name": "T1049 - System Network Connections Discovery"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1134",
              "name": "Access Token Manipulation",
              "display_name": "T1134 - Access Token Manipulation"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "PetrP.73",
            "id": "154605",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 1,
            "CVE": 1,
            "URL": 8,
            "domain": 2,
            "email": 1
          },
          "indicator_count": 13,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 539,
          "modified_text": "131 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6821eba33af091dbab3fbe97",
          "name": "Threat Intel Report - W19-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.",
          "modified": "2025-06-11T12:05:13.756000",
          "created": "2025-05-12T12:37:55.606000",
          "tags": [
            "mozi",
            "mozi link",
            "russia",
            "cobaltstrike",
            "urls http",
            "urls https",
            "sha values",
            "file name",
            "submit date",
            "dateadded",
            "clearfake"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 81,
            "domain": 52,
            "FileHash-MD5": 16,
            "FileHash-SHA1": 16,
            "FileHash-SHA256": 19,
            "URL": 169
          },
          "indicator_count": 353,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 107,
          "modified_text": "353 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67ef8acdfe632a32bd164cbc",
          "name": "Threat Intel Report - W11-2025",
          "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2025-05-04T07:02:31.627000",
          "created": "2025-04-04T07:31:25.772000",
          "tags": [
            "mozi",
            "germany",
            "india",
            "china",
            "grouped",
            "vietnam",
            "united kingdom",
            "singapore",
            "week",
            "group",
            "indonesia",
            "clearfake",
            "asyncrat",
            "stealc",
            "smartloader",
            "mexico",
            "remcos",
            "malware",
            "date",
            "belarus",
            "ukraine",
            "amadey",
            "lockbit",
            "linux",
            "superblack",
            "akira"
          ],
          "references": [
            "https://urlhaus.abuse.ch/",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Linux",
              "display_name": "Linux",
              "target": null
            },
            {
              "id": "SuperBlack",
              "display_name": "SuperBlack",
              "target": null
            },
            {
              "id": "Akira",
              "display_name": "Akira",
              "target": null
            },
            {
              "id": "LockBit",
              "display_name": "LockBit",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            }
          ],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 91,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 51,
            "FileHash-SHA256": 117,
            "domain": 62,
            "hostname": 114
          },
          "indicator_count": 486,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "391 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6731fee193f842ba0043a880",
          "name": "Threat Intel Report - W44-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-12-11T12:00:09.101000",
          "created": "2024-11-11T12:56:01.048000",
          "tags": [
            "mozi",
            "cobaltstrike",
            "germany",
            "mozi link",
            "brazil",
            "russia",
            "singapore",
            "week",
            "india",
            "france",
            "mexico",
            "indonesia",
            "stealc",
            "panama",
            "asyncrat",
            "remcos",
            "slovakia",
            "armenia"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 36,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 94,
            "URL": 234,
            "FileHash-MD5": 8,
            "FileHash-SHA1": 8,
            "FileHash-SHA256": 15,
            "domain": 59
          },
          "indicator_count": 418,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 114,
          "modified_text": "535 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6703ced7e6f9f790cadb4844",
          "name": "Threat Intel Report - W35-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-11-06T12:02:47.328000",
          "created": "2024-10-07T12:06:47.890000",
          "tags": [
            "mozi",
            "germany",
            "mozi link",
            "australia",
            "india",
            "singapore",
            "france",
            "week",
            "canada",
            "urls http",
            "stealc",
            "dcrat",
            "ukraine",
            "panama",
            "mexico",
            "remcos",
            "asyncrat",
            "remcosrat",
            "yakuza",
            "steam",
            "lumma"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 33,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 58,
            "URL": 178,
            "FileHash-MD5": 62,
            "FileHash-SHA1": 62,
            "FileHash-SHA256": 118,
            "hostname": 92
          },
          "indicator_count": 570,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "570 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6703ced8984f046cefd19b32",
          "name": "Threat Intel Report - W35-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-11-06T12:02:47.328000",
          "created": "2024-10-07T12:06:48.888000",
          "tags": [
            "mozi",
            "germany",
            "mozi link",
            "australia",
            "india",
            "singapore",
            "france",
            "week",
            "canada",
            "urls http",
            "stealc",
            "dcrat",
            "ukraine",
            "panama",
            "mexico",
            "remcos",
            "asyncrat",
            "remcosrat",
            "yakuza",
            "steam",
            "lumma"
          ],
          "references": [
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
            "https://any.run/malware-trends/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lumma",
              "display_name": "Lumma",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [
            "Cryptocurrency"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 34,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 58,
            "URL": 178,
            "FileHash-MD5": 62,
            "FileHash-SHA1": 62,
            "FileHash-SHA256": 118,
            "hostname": 92
          },
          "indicator_count": 570,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "570 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66c9b89207a148fee0386c03",
          "name": "AS41095 iptp ltd",
          "description": "",
          "modified": "2024-09-23T10:00:08.013000",
          "created": "2024-08-24T10:40:18.275000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 3619,
            "hostname": 2581
          },
          "indicator_count": 6200,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 185,
          "modified_text": "614 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66bb4194cec2a519f5835e30",
          "name": "Threat Intel Report - W32-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools[.] \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week[.] \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools[.] \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends[.]",
          "modified": "2024-09-12T11:00:55.410000",
          "created": "2024-08-13T11:20:52.200000",
          "tags": [
            "mozi",
            "russia",
            "week",
            "mozi link",
            "germany",
            "domains",
            "linux kernel",
            "cisa",
            "cvss",
            "cvss base",
            "asyncrat",
            "agent tesla",
            "remcos",
            "android",
            "vidar",
            "ukraine",
            "python",
            "rats",
            "service",
            "dark",
            "mandrake",
            "ransomware"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 17,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 46,
            "hostname": 94,
            "URL": 212,
            "FileHash-MD5": 47,
            "FileHash-SHA1": 47,
            "FileHash-SHA256": 118
          },
          "indicator_count": 564,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "625 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66bb43ce0b5a9b42a54a3498",
          "name": "Threat Intel Report - W31-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-09-12T11:00:55.410000",
          "created": "2024-08-13T11:30:22.195000",
          "tags": [
            "mozi",
            "mozi link",
            "week",
            "windows",
            "microsoft",
            "penterac2",
            "russia",
            "germany",
            "cvss",
            "cvss base",
            "spynote",
            "mexico",
            "agent tesla",
            "remcos",
            "snakekeylogger",
            "coinminer",
            "panama",
            "indonesia",
            "asyncrat",
            "panda",
            "android"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 62,
            "hostname": 87,
            "URL": 136,
            "FileHash-MD5": 53,
            "FileHash-SHA1": 53,
            "FileHash-SHA256": 112
          },
          "indicator_count": 503,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "625 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66bb43d21b05a860a29b73c0",
          "name": "Threat Intel Report - W31-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-09-12T11:00:55.410000",
          "created": "2024-08-13T11:30:26.211000",
          "tags": [
            "mozi",
            "mozi link",
            "week",
            "windows",
            "microsoft",
            "penterac2",
            "russia",
            "germany",
            "cvss",
            "cvss base",
            "spynote",
            "mexico",
            "agent tesla",
            "remcos",
            "snakekeylogger",
            "coinminer",
            "panama",
            "indonesia",
            "asyncrat",
            "panda",
            "android"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 62,
            "hostname": 87,
            "URL": 136,
            "FileHash-MD5": 53,
            "FileHash-SHA1": 53,
            "FileHash-SHA256": 112
          },
          "indicator_count": 503,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "625 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66bb43d21eaad50b74da3b82",
          "name": "Threat Intel Report - W31-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-09-12T11:00:55.410000",
          "created": "2024-08-13T11:30:26.108000",
          "tags": [
            "mozi",
            "mozi link",
            "week",
            "windows",
            "microsoft",
            "penterac2",
            "russia",
            "germany",
            "cvss",
            "cvss base",
            "spynote",
            "mexico",
            "agent tesla",
            "remcos",
            "snakekeylogger",
            "coinminer",
            "panama",
            "indonesia",
            "asyncrat",
            "panda",
            "android"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 62,
            "hostname": 87,
            "URL": 136,
            "FileHash-MD5": 53,
            "FileHash-SHA1": 53,
            "FileHash-SHA256": 112
          },
          "indicator_count": 503,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "625 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66bb44c55928675e15bc818d",
          "name": "Threat Intel Report - W30-2024",
          "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
          "modified": "2024-09-12T11:00:55.410000",
          "created": "2024-08-13T11:34:29.979000",
          "tags": [
            "mozi",
            "microsoft",
            "week",
            "windows",
            "panama",
            "germany",
            "russia",
            "lithuania",
            "romania",
            "urls http",
            "agent tesla",
            "asyncrat",
            "dcrat",
            "muddywater",
            "indonesia",
            "mexico",
            "remcos",
            "stealc",
            "steam",
            "lockbit",
            "february",
            "qilin"
          ],
          "references": [
            "https://any.run/malware-trends/",
            "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Qilin",
              "display_name": "Qilin",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "aa00643640@techmahindra.com",
            "id": "156540",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 70,
            "hostname": 82,
            "URL": 211,
            "FileHash-MD5": 69,
            "FileHash-SHA1": 68,
            "FileHash-SHA256": 117,
            "CVE": 1
          },
          "indicator_count": 618,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 106,
          "modified_text": "625 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://hunt.io/blog/react2shell-cve-2025-55182-nextjs-nodejs-rce",
        "https://any.run/malware-trends/",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Mirai",
            "Superblack",
            "Lumma",
            "Nuts",
            "Qilin",
            "Linux",
            "Lockbit",
            "Persistence",
            "Anivia",
            "React2shell",
            "Rsc flight",
            "Flight",
            "Akira",
            "Cobalt strike"
          ],
          "industries": [
            "Cryptocurrency"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 12,
  "pulses": [
    {
      "id": "694723a207bfb79bb1d41b47",
      "name": "React2Shell (CVE-2025-55182): Dissecting a Node.js RCE Against a Production Next.js App",
      "description": "The investigation into the cyberattack targeting a production Next.js application identified the exploitation of a critical vulnerability, CVE-2025-55182 (React2Shell), which allows for remote code execution (RCE). An analysis of over 12,000 log entries demonstrated that attackers successfully executed commands on the server. The initial exploitation was initiated through a malformed HTTP POST request containing a malicious React Server Component (RSC) Flight payload, abusing a deserialization flaw. This vulnerability, disclosed in December 2025 and rated CVSS 10.0, quickly garnered attention due to widespread active exploitation.",
      "modified": "2026-01-19T22:01:55.256000",
      "created": "2025-12-20T22:30:58.134000",
      "tags": [
        "cve202555182",
        "c2 server",
        "react2shell",
        "command",
        "http",
        "against",
        "iocs",
        "december",
        "http client",
        "host",
        "mirai",
        "download",
        "copy",
        "cobalt strike",
        "execution",
        "apache",
        "chaos",
        "metasploit",
        "hunt",
        "target",
        "attack",
        "open",
        "close",
        "possible",
        "dropper",
        "persistence",
        "malicious",
        "shell",
        "flight",
        "rsc flight",
        "nuts",
        "anivia"
      ],
      "references": [
        "https://hunt.io/blog/react2shell-cve-2025-55182-nextjs-nodejs-rce"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Slovenia"
      ],
      "malware_families": [
        {
          "id": "Flight",
          "display_name": "Flight",
          "target": null
        },
        {
          "id": "RSC Flight",
          "display_name": "RSC Flight",
          "target": null
        },
        {
          "id": "Nuts",
          "display_name": "Nuts",
          "target": null
        },
        {
          "id": "Anivia",
          "display_name": "Anivia",
          "target": null
        },
        {
          "id": "Cobalt Strike",
          "display_name": "Cobalt Strike",
          "target": null
        },
        {
          "id": "React2Shell",
          "display_name": "React2Shell",
          "target": null
        },
        {
          "id": "Persistence",
          "display_name": "Persistence",
          "target": null
        },
        {
          "id": "Mirai",
          "display_name": "Mirai",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1037",
          "name": "Boot or Logon Initialization Scripts",
          "display_name": "T1037 - Boot or Logon Initialization Scripts"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1190",
          "name": "Exploit Public-Facing Application",
          "display_name": "T1190 - Exploit Public-Facing Application"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1565",
          "name": "Data Manipulation",
          "display_name": "T1565 - Data Manipulation"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1222",
          "name": "File and Directory Permissions Modification",
          "display_name": "T1222 - File and Directory Permissions Modification"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1550",
          "name": "Use Alternate Authentication Material",
          "display_name": "T1550 - Use Alternate Authentication Material"
        },
        {
          "id": "T1049",
          "name": "System Network Connections Discovery",
          "display_name": "T1049 - System Network Connections Discovery"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1134",
          "name": "Access Token Manipulation",
          "display_name": "T1134 - Access Token Manipulation"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "PetrP.73",
        "id": "154605",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 1,
        "CVE": 1,
        "URL": 8,
        "domain": 2,
        "email": 1
      },
      "indicator_count": 13,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 539,
      "modified_text": "131 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6821eba33af091dbab3fbe97",
      "name": "Threat Intel Report - W19-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.",
      "modified": "2025-06-11T12:05:13.756000",
      "created": "2025-05-12T12:37:55.606000",
      "tags": [
        "mozi",
        "mozi link",
        "russia",
        "cobaltstrike",
        "urls http",
        "urls https",
        "sha values",
        "file name",
        "submit date",
        "dateadded",
        "clearfake"
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 14,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 81,
        "domain": 52,
        "FileHash-MD5": 16,
        "FileHash-SHA1": 16,
        "FileHash-SHA256": 19,
        "URL": 169
      },
      "indicator_count": 353,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 107,
      "modified_text": "353 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67ef8acdfe632a32bd164cbc",
      "name": "Threat Intel Report - W11-2025",
      "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2025-05-04T07:02:31.627000",
      "created": "2025-04-04T07:31:25.772000",
      "tags": [
        "mozi",
        "germany",
        "india",
        "china",
        "grouped",
        "vietnam",
        "united kingdom",
        "singapore",
        "week",
        "group",
        "indonesia",
        "clearfake",
        "asyncrat",
        "stealc",
        "smartloader",
        "mexico",
        "remcos",
        "malware",
        "date",
        "belarus",
        "ukraine",
        "amadey",
        "lockbit",
        "linux",
        "superblack",
        "akira"
      ],
      "references": [
        "https://urlhaus.abuse.ch/",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Linux",
          "display_name": "Linux",
          "target": null
        },
        {
          "id": "SuperBlack",
          "display_name": "SuperBlack",
          "target": null
        },
        {
          "id": "Akira",
          "display_name": "Akira",
          "target": null
        },
        {
          "id": "LockBit",
          "display_name": "LockBit",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        }
      ],
      "industries": [
        "Cryptocurrency"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 21,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 91,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 51,
        "FileHash-SHA256": 117,
        "domain": 62,
        "hostname": 114
      },
      "indicator_count": 486,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "391 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6731fee193f842ba0043a880",
      "name": "Threat Intel Report - W44-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-12-11T12:00:09.101000",
      "created": "2024-11-11T12:56:01.048000",
      "tags": [
        "mozi",
        "cobaltstrike",
        "germany",
        "mozi link",
        "brazil",
        "russia",
        "singapore",
        "week",
        "india",
        "france",
        "mexico",
        "indonesia",
        "stealc",
        "panama",
        "asyncrat",
        "remcos",
        "slovakia",
        "armenia"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 36,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 94,
        "URL": 234,
        "FileHash-MD5": 8,
        "FileHash-SHA1": 8,
        "FileHash-SHA256": 15,
        "domain": 59
      },
      "indicator_count": 418,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 114,
      "modified_text": "535 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6703ced7e6f9f790cadb4844",
      "name": "Threat Intel Report - W35-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-11-06T12:02:47.328000",
      "created": "2024-10-07T12:06:47.890000",
      "tags": [
        "mozi",
        "germany",
        "mozi link",
        "australia",
        "india",
        "singapore",
        "france",
        "week",
        "canada",
        "urls http",
        "stealc",
        "dcrat",
        "ukraine",
        "panama",
        "mexico",
        "remcos",
        "asyncrat",
        "remcosrat",
        "yakuza",
        "steam",
        "lumma"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Lumma",
          "display_name": "Lumma",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "Cryptocurrency"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 33,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 58,
        "URL": 178,
        "FileHash-MD5": 62,
        "FileHash-SHA1": 62,
        "FileHash-SHA256": 118,
        "hostname": 92
      },
      "indicator_count": 570,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "570 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6703ced8984f046cefd19b32",
      "name": "Threat Intel Report - W35-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-11-06T12:02:47.328000",
      "created": "2024-10-07T12:06:48.888000",
      "tags": [
        "mozi",
        "germany",
        "mozi link",
        "australia",
        "india",
        "singapore",
        "france",
        "week",
        "canada",
        "urls http",
        "stealc",
        "dcrat",
        "ukraine",
        "panama",
        "mexico",
        "remcos",
        "asyncrat",
        "remcosrat",
        "yakuza",
        "steam",
        "lumma"
      ],
      "references": [
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time",
        "https://any.run/malware-trends/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Lumma",
          "display_name": "Lumma",
          "target": null
        }
      ],
      "attack_ids": [],
      "industries": [
        "Cryptocurrency"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 34,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 58,
        "URL": 178,
        "FileHash-MD5": 62,
        "FileHash-SHA1": 62,
        "FileHash-SHA256": 118,
        "hostname": 92
      },
      "indicator_count": 570,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "570 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66c9b89207a148fee0386c03",
      "name": "AS41095 iptp ltd",
      "description": "",
      "modified": "2024-09-23T10:00:08.013000",
      "created": "2024-08-24T10:40:18.275000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "skocherhan",
        "id": "249290",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 3619,
        "hostname": 2581
      },
      "indicator_count": 6200,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 185,
      "modified_text": "614 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66bb4194cec2a519f5835e30",
      "name": "Threat Intel Report - W32-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-09-12T11:00:55.410000",
      "created": "2024-08-13T11:20:52.200000",
      "tags": [
        "mozi",
        "russia",
        "week",
        "mozi link",
        "germany",
        "domains",
        "linux kernel",
        "cisa",
        "cvss",
        "cvss base",
        "asyncrat",
        "agent tesla",
        "remcos",
        "android",
        "vidar",
        "ukraine",
        "python",
        "rats",
        "service",
        "dark",
        "mandrake",
        "ransomware"
      ],
      "references": [
        "https://any.run/malware-trends/",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 17,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 46,
        "hostname": 94,
        "URL": 212,
        "FileHash-MD5": 47,
        "FileHash-SHA1": 47,
        "FileHash-SHA256": 118
      },
      "indicator_count": 564,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "625 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66bb43ce0b5a9b42a54a3498",
      "name": "Threat Intel Report - W31-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-09-12T11:00:55.410000",
      "created": "2024-08-13T11:30:22.195000",
      "tags": [
        "mozi",
        "mozi link",
        "week",
        "windows",
        "microsoft",
        "penterac2",
        "russia",
        "germany",
        "cvss",
        "cvss base",
        "spynote",
        "mexico",
        "agent tesla",
        "remcos",
        "snakekeylogger",
        "coinminer",
        "panama",
        "indonesia",
        "asyncrat",
        "panda",
        "android"
      ],
      "references": [
        "https://any.run/malware-trends/",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 13,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 62,
        "hostname": 87,
        "URL": 136,
        "FileHash-MD5": 53,
        "FileHash-SHA1": 53,
        "FileHash-SHA256": 112
      },
      "indicator_count": 503,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "625 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66bb43d21b05a860a29b73c0",
      "name": "Threat Intel Report - W31-2024",
      "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.",
      "modified": "2024-09-12T11:00:55.410000",
      "created": "2024-08-13T11:30:26.211000",
      "tags": [
        "mozi",
        "mozi link",
        "week",
        "windows",
        "microsoft",
        "penterac2",
        "russia",
        "germany",
        "cvss",
        "cvss base",
        "spynote",
        "mexico",
        "agent tesla",
        "remcos",
        "snakekeylogger",
        "coinminer",
        "panama",
        "indonesia",
        "asyncrat",
        "panda",
        "android"
      ],
      "references": [
        "https://any.run/malware-trends/",
        "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 13,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "aa00643640@techmahindra.com",
        "id": "156540",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 62,
        "hostname": 87,
        "URL": 136,
        "FileHash-MD5": 53,
        "FileHash-SHA1": 53,
        "FileHash-SHA256": 112
      },
      "indicator_count": 503,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 106,
      "modified_text": "625 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "hostglobal.plus",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "hostglobal.plus",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780184994.6771407
}