{ "type": "URL", "indicator": "http://dev.androidadbserver.com/jurassic/6c67d428.php", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://dev.androidadbserver.com/jurassic/6c67d428.php", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3905236252, "indicator": "http://dev.androidadbserver.com/jurassic/6c67d428.php", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "666bffda98d55b50133f5b84", "name": "Operation Celestial Force employs mobile and desktop malware to target Indian entities", "description": "Cisco Talos is disclosing a new malware campaign called 'Operation Celestial Force' conducted by a Pakistani nexus of threat actors called 'Cosmic Leopard'. This multi-year operation has been targeting Indian entities and individuals since at least 2018, employing the use of GravityRAT (an Android and Windows malware) and HeavyLift (a Windows malware loader). The campaigns are administered by a tool called GravityAdmin, which manages multiple codenamed campaigns simultaneously. The operation utilizes spear phishing and social engineering to infect targets, continuously expanding its malware suite, indicating a high degree of success.", "modified": "2024-06-14T08:37:20.677000", "created": "2024-06-14T08:31:22.475000", "tags": [ "surveillance", "targeted attacks", "gravityrat", "espionage", "HeavyLift" ], "references": [ "https://blog.talosintelligence.com/cosmic-leopard" ], "public": 1, "adversary": "Cosmic Leopard, Operation Celestial Force", "targeted_countries": [ "British Indian Ocean Territory", "India" ], "malware_families": [ { "id": "GravityRAT - S0237", "display_name": "GravityRAT - S0237", "target": null }, { "id": "HeavyLift", "display_name": "HeavyLift", "target": null } ], "attack_ids": [ { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1597", "name": "Search Closed Sources", "display_name": "T1597 - Search Closed Sources" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 373, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 7, "FileHash-SHA1": 5, "FileHash-SHA256": 16, "URL": 89, "domain": 21, "hostname": 42 }, "indicator_count": 180, "is_author": false, "is_subscribing": null, "subscriber_count": 387033, "modified_text": "718 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ae87cd59ca692d8cd74985", "name": "Operation Celestial Force employs mobile and desktop malware to target Indian entities", "description": "Cisco Talos is disclosing details of a new malware campaign being used by suspected Pakistani hackers to target Indian entities and government officials from the Indian subcontinent, including those belonging to government and defence sectors.", "modified": "2025-02-14T00:02:59.529000", "created": "2025-02-14T00:01:17.920000", "tags": [ "" ], "references": [], "public": 1, "adversary": "Pakistani", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Armature_TIP", "id": "308911", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_308911/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 36, "hostname": 22, "FileHash-MD5": 17, "FileHash-SHA1": 17, "FileHash-SHA256": 17, "URL": 44 }, "indicator_count": 153, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "474 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6683bdd1247c16c5855518c7", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-02T07:05:02.060000", "created": "2024-07-02T08:44:01.648000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 286, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2521, "domain": 8243, "email": 7, "hostname": 2893 }, "indicator_count": 13683, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "670 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6683bdc8052a11fe921381a0", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-01T08:02:48.060000", "created": "2024-07-02T08:43:52.203000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2409, "domain": 7836, "email": 7, "hostname": 2783 }, "indicator_count": 13054, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "670 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6677d81e103e5cc6ed445b44", "name": "Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia", "description": "", "modified": "2024-07-23T08:01:09.620000", "created": "2024-06-23T08:09:01.754000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "text_account", "id": "221593", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 41, "FileHash-SHA1": 41, "FileHash-SHA256": 863, "URL": 78, "domain": 30, "hostname": 24 }, "indicator_count": 1077, "is_author": false, "is_subscribing": null, "subscriber_count": 53, "modified_text": "679 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666e42704dfbcdc6215d0830", "name": "Malware Campaign Targeting Windows, Android and macOS", "description": "", "modified": "2024-06-16T01:40:00.287000", "created": "2024-06-16T01:40:00.287000", "tags": [ "https", "classification", "confidential", "http", "hashes", "sha256" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 17, "URL": 44, "domain": 18, "hostname": 21 }, "indicator_count": 130, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "717 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666c1346940472efbb99f1f4", "name": "Operation Celestial Force employs mobile and desktop malware to target Indian entities", "description": "", "modified": "2024-06-14T09:54:14.874000", "created": "2024-06-14T09:54:14.874000", "tags": [ "landing page top story", "malware", "apt", "top story", "gravityrat", "heavylift", "download", "cosmic leopard", "cisco secure", "dl01", "force", "talos", "mozillasecurity", "tl37", "android", "jupiter", "august", "bits", "zulu", "dropper" ], "references": [ "https://blog.talosintelligence.com/cosmic-leopard/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 5, "FileHash-SHA256": 16, "URL": 45, "domain": 18, "hostname": 23 }, "indicator_count": 113, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "718 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://blog.talosintelligence.com/cosmic-leopard/", "https://blog.talosintelligence.com/cosmic-leopard" ], "related": { "alienvault": { "adversary": [ "Cosmic Leopard, Operation Celestial Force" ], "malware_families": [ "Heavylift", "Gravityrat - s0237" ], "industries": [], "unique_indicators": 153 }, "other": { "adversary": [ "Pakistani" ], "malware_families": [], "industries": [], "unique_indicators": 14907 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/androidadbserver.com", "whois": "http://whois.domaintools.com/androidadbserver.com", "domain": "androidadbserver.com", "hostname": "dev.androidadbserver.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "666bffda98d55b50133f5b84", "name": "Operation Celestial Force employs mobile and desktop malware to target Indian entities", "description": "Cisco Talos is disclosing a new malware campaign called 'Operation Celestial Force' conducted by a Pakistani nexus of threat actors called 'Cosmic Leopard'. This multi-year operation has been targeting Indian entities and individuals since at least 2018, employing the use of GravityRAT (an Android and Windows malware) and HeavyLift (a Windows malware loader). The campaigns are administered by a tool called GravityAdmin, which manages multiple codenamed campaigns simultaneously. The operation utilizes spear phishing and social engineering to infect targets, continuously expanding its malware suite, indicating a high degree of success.", "modified": "2024-06-14T08:37:20.677000", "created": "2024-06-14T08:31:22.475000", "tags": [ "surveillance", "targeted attacks", "gravityrat", "espionage", "HeavyLift" ], "references": [ "https://blog.talosintelligence.com/cosmic-leopard" ], "public": 1, "adversary": "Cosmic Leopard, Operation Celestial Force", "targeted_countries": [ "British Indian Ocean Territory", "India" ], "malware_families": [ { "id": "GravityRAT - S0237", "display_name": "GravityRAT - S0237", "target": null }, { "id": "HeavyLift", "display_name": "HeavyLift", "target": null } ], "attack_ids": [ { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1597", "name": "Search Closed Sources", "display_name": "T1597 - Search Closed Sources" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 373, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 7, "FileHash-SHA1": 5, "FileHash-SHA256": 16, "URL": 89, "domain": 21, "hostname": 42 }, "indicator_count": 180, "is_author": false, "is_subscribing": null, "subscriber_count": 387033, "modified_text": "718 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ae87cd59ca692d8cd74985", "name": "Operation Celestial Force employs mobile and desktop malware to target Indian entities", "description": "Cisco Talos is disclosing details of a new malware campaign being used by suspected Pakistani hackers to target Indian entities and government officials from the Indian subcontinent, including those belonging to government and defence sectors.", "modified": "2025-02-14T00:02:59.529000", "created": "2025-02-14T00:01:17.920000", "tags": [ "" ], "references": [], "public": 1, "adversary": "Pakistani", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Armature_TIP", "id": "308911", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_308911/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 36, "hostname": 22, "FileHash-MD5": 17, "FileHash-SHA1": 17, "FileHash-SHA256": 17, "URL": 44 }, "indicator_count": 153, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "474 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6683bdd1247c16c5855518c7", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-02T07:05:02.060000", "created": "2024-07-02T08:44:01.648000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 286, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2521, "domain": 8243, "email": 7, "hostname": 2893 }, "indicator_count": 13683, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "670 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6683bdc8052a11fe921381a0", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-01T08:02:48.060000", "created": "2024-07-02T08:43:52.203000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2409, "domain": 7836, "email": 7, "hostname": 2783 }, "indicator_count": 13054, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "670 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6677d81e103e5cc6ed445b44", "name": "Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia", "description": "", "modified": "2024-07-23T08:01:09.620000", "created": "2024-06-23T08:09:01.754000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "text_account", "id": "221593", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 41, "FileHash-SHA1": 41, "FileHash-SHA256": 863, "URL": 78, "domain": 30, "hostname": 24 }, "indicator_count": 1077, "is_author": false, "is_subscribing": null, "subscriber_count": 53, "modified_text": "679 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666e42704dfbcdc6215d0830", "name": "Malware Campaign Targeting Windows, Android and macOS", "description": "", "modified": "2024-06-16T01:40:00.287000", "created": "2024-06-16T01:40:00.287000", "tags": [ "https", "classification", "confidential", "http", "hashes", "sha256" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 17, "URL": 44, "domain": 18, "hostname": 21 }, "indicator_count": 130, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "717 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "666c1346940472efbb99f1f4", "name": "Operation Celestial Force employs mobile and desktop malware to target Indian entities", "description": "", "modified": "2024-06-14T09:54:14.874000", "created": "2024-06-14T09:54:14.874000", "tags": [ "landing page top story", "malware", "apt", "top story", "gravityrat", "heavylift", "download", "cosmic leopard", "cisco secure", "dl01", "force", "talos", "mozillasecurity", "tl37", "android", "jupiter", "august", "bits", "zulu", "dropper" ], "references": [ "https://blog.talosintelligence.com/cosmic-leopard/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 5, "FileHash-SHA256": 16, "URL": 45, "domain": 18, "hostname": 23 }, "indicator_count": 113, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "718 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://dev.androidadbserver.com/jurassic/6c67d428.php", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://dev.androidadbserver.com/jurassic/6c67d428.php", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780472655.2416525 }