{ "type": "URL", "indicator": "http://31.172.71.5:50443", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://31.172.71.5:50443", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4335647175, "indicator": "http://31.172.71.5:50443", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69f32ac81834d5a878e8fac0", "name": "Energy Sector Incident Report", "description": "On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.", "modified": "2026-05-30T10:03:42.474000", "created": "2026-04-30T10:11:20.255000", "tags": [ "energy sector", "cve-2024-2617", "rubeus", "dynowiper", "lazywiper", "destructive operations", "fortigate exploitation", "combined heat power", "impacket", "renewable energy", "poland infrastructure", "industrial control systems", "wiper attack" ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "public": 1, "adversary": "Static Tundra", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "DynoWiper", "display_name": "DynoWiper", "target": null }, { "id": "LazyWiper", "display_name": "LazyWiper", "target": null }, { "id": "Impacket", "display_name": "Impacket", "target": null }, { "id": "Rubeus", "display_name": "Rubeus", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Manufacturing" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 5, "FileHash-SHA256": 7, "URL": 5 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 386443, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f3bd5aef3274f6820fabc7", "name": "\"E:\\CTIA-Tools\\CTIA Module 05 Data Analysis\\Microsoft Threat Modeling Tool\\TMT7.application\"", "description": "", "modified": "2026-05-30T10:03:42.474000", "created": "2026-04-30T20:36:42.625000", "tags": [ "energy sector", "cve-2024-2617", "rubeus", "dynowiper", "lazywiper", "destructive operations", "fortigate exploitation", "combined heat power", "impacket", "renewable energy", "poland infrastructure", "industrial control systems", "wiper attack" ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "public": 1, "adversary": "Static Tundra", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "DynoWiper", "display_name": "DynoWiper", "target": null }, { "id": "LazyWiper", "display_name": "LazyWiper", "target": null }, { "id": "Impacket", "display_name": "Impacket", "target": null }, { "id": "Rubeus", "display_name": "Rubeus", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Manufacturing" ], "TLP": "white", "cloned_from": "69f32ac81834d5a878e8fac0", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "olivershippy", "id": "401750", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 5, "FileHash-SHA256": 7, "URL": 5 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f3bd6814568df21249e586", "name": "\"E:\\CTIA-Tools\\CTIA Module 05 Data Analysis\\Microsoft Threat Modeling Tool\\TMT7.application\"", "description": "", "modified": "2026-05-30T10:03:42.474000", "created": "2026-04-30T20:36:56.263000", "tags": [ "energy sector", "cve-2024-2617", "rubeus", "dynowiper", "lazywiper", "destructive operations", "fortigate exploitation", "combined heat power", "impacket", "renewable energy", "poland infrastructure", "industrial control systems", "wiper attack" ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "public": 1, "adversary": "Static Tundra", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "DynoWiper", "display_name": "DynoWiper", "target": null }, { "id": "LazyWiper", "display_name": "LazyWiper", "target": null }, { "id": "Impacket", "display_name": "Impacket", "target": null }, { "id": "Rubeus", "display_name": "Rubeus", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Manufacturing" ], "TLP": "white", "cloned_from": "69f32ac81834d5a878e8fac0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "olivershippy", "id": "401750", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 5, "FileHash-SHA256": 7, "URL": 5 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f82582e230f0f8170c97fa", "name": "Energy Sector Incident Report", "description": "", "modified": "2026-05-30T10:03:42.474000", "created": "2026-05-04T04:50:10.429000", "tags": [ "energy sector", "cve-2024-2617", "rubeus", "dynowiper", "lazywiper", "destructive operations", "fortigate exploitation", "combined heat power", "impacket", "renewable energy", "poland infrastructure", "industrial control systems", "wiper attack" ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "public": 1, "adversary": "Static Tundra", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "DynoWiper", "display_name": "DynoWiper", "target": null }, { "id": "LazyWiper", "display_name": "LazyWiper", "target": null }, { "id": "Impacket", "display_name": "Impacket", "target": null }, { "id": "Rubeus", "display_name": "Rubeus", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Manufacturing" ], "TLP": "white", "cloned_from": "69f32ac81834d5a878e8fac0", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 5, "FileHash-SHA256": 7, "URL": 5 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "related": { "alienvault": { "adversary": [ "Static Tundra" ], "malware_families": [ "Dynowiper", "Impacket", "Lazywiper", "Rubeus" ], "industries": [ "Manufacturing", "Energy" ], "unique_indicators": 47 }, "other": { "adversary": [ "Static Tundra" ], "malware_families": [ "Dynowiper", "Impacket", "Lazywiper", "Rubeus" ], "industries": [ "Manufacturing", "Energy" ], "unique_indicators": 47 } } }, "false_positive": [], "alexa": "", "whois": "http://whois.domaintools.com/31.172.71.5", "domain": "Unavailable", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69f32ac81834d5a878e8fac0", "name": "Energy Sector Incident Report", "description": "On December 29, 2025, coordinated destructive cyberattacks targeted Poland's energy infrastructure during severe winter weather. Approximately 30 wind and solar farms, a manufacturing company, and a combined heat and power plant serving nearly 500,000 customers were affected. Attackers exploited vulnerable FortiGate perimeter devices using stolen credentials and default passwords to access industrial control systems. Multiple types of wiper malware, including DynoWiper and LazyWiper, were deployed to destroy data across IT and OT environments. While renewable facilities lost communication with distribution operators without affecting electricity generation, the incidents demonstrated significant capability to cause physical disruption. Infrastructure analysis revealed connections to threat clusters known as Static Tundra, Ghost Blizzard, and potentially Sandworm, marking a notable escalation in cyber-sabotage operations.", "modified": "2026-05-30T10:03:42.474000", "created": "2026-04-30T10:11:20.255000", "tags": [ "energy sector", "cve-2024-2617", "rubeus", "dynowiper", "lazywiper", "destructive operations", "fortigate exploitation", "combined heat power", "impacket", "renewable energy", "poland infrastructure", "industrial control systems", "wiper attack" ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "public": 1, "adversary": "Static Tundra", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "DynoWiper", "display_name": "DynoWiper", "target": null }, { "id": "LazyWiper", "display_name": "LazyWiper", "target": null }, { "id": "Impacket", "display_name": "Impacket", "target": null }, { "id": "Rubeus", "display_name": "Rubeus", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Manufacturing" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 5, "FileHash-SHA256": 7, "URL": 5 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 386443, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f3bd5aef3274f6820fabc7", "name": "\"E:\\CTIA-Tools\\CTIA Module 05 Data Analysis\\Microsoft Threat Modeling Tool\\TMT7.application\"", "description": "", "modified": "2026-05-30T10:03:42.474000", "created": "2026-04-30T20:36:42.625000", "tags": [ "energy sector", "cve-2024-2617", "rubeus", "dynowiper", "lazywiper", "destructive operations", "fortigate exploitation", "combined heat power", "impacket", "renewable energy", "poland infrastructure", "industrial control systems", "wiper attack" ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "public": 1, "adversary": "Static Tundra", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "DynoWiper", "display_name": "DynoWiper", "target": null }, { "id": "LazyWiper", "display_name": "LazyWiper", "target": null }, { "id": "Impacket", "display_name": "Impacket", "target": null }, { "id": "Rubeus", "display_name": "Rubeus", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Manufacturing" ], "TLP": "white", "cloned_from": "69f32ac81834d5a878e8fac0", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "olivershippy", "id": "401750", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 5, "FileHash-SHA256": 7, "URL": 5 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f3bd6814568df21249e586", "name": "\"E:\\CTIA-Tools\\CTIA Module 05 Data Analysis\\Microsoft Threat Modeling Tool\\TMT7.application\"", "description": "", "modified": "2026-05-30T10:03:42.474000", "created": "2026-04-30T20:36:56.263000", "tags": [ "energy sector", "cve-2024-2617", "rubeus", "dynowiper", "lazywiper", "destructive operations", "fortigate exploitation", "combined heat power", "impacket", "renewable energy", "poland infrastructure", "industrial control systems", "wiper attack" ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "public": 1, "adversary": "Static Tundra", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "DynoWiper", "display_name": "DynoWiper", "target": null }, { "id": "LazyWiper", "display_name": "LazyWiper", "target": null }, { "id": "Impacket", "display_name": "Impacket", "target": null }, { "id": "Rubeus", "display_name": "Rubeus", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Manufacturing" ], "TLP": "white", "cloned_from": "69f32ac81834d5a878e8fac0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "olivershippy", "id": "401750", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 5, "FileHash-SHA256": 7, "URL": 5 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f82582e230f0f8170c97fa", "name": "Energy Sector Incident Report", "description": "", "modified": "2026-05-30T10:03:42.474000", "created": "2026-05-04T04:50:10.429000", "tags": [ "energy sector", "cve-2024-2617", "rubeus", "dynowiper", "lazywiper", "destructive operations", "fortigate exploitation", "combined heat power", "impacket", "renewable energy", "poland infrastructure", "industrial control systems", "wiper attack" ], "references": [ "https://cert.pl/uploads/docs/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf" ], "public": 1, "adversary": "Static Tundra", "targeted_countries": [ "Poland" ], "malware_families": [ { "id": "DynoWiper", "display_name": "DynoWiper", "target": null }, { "id": "LazyWiper", "display_name": "LazyWiper", "target": null }, { "id": "Impacket", "display_name": "Impacket", "target": null }, { "id": "Rubeus", "display_name": "Rubeus", "target": null } ], "attack_ids": [], "industries": [ "Energy", "Manufacturing" ], "TLP": "white", "cloned_from": "69f32ac81834d5a878e8fac0", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 5, "FileHash-SHA256": 7, "URL": 5 }, "indicator_count": 38, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "8 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://31.172.71.5:50443", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://31.172.71.5:50443", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780165588.283551 }