{ "type": "URL", "indicator": "https://cybersecuritynews.co", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://cybersecuritynews.co", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4049037536, "indicator": "https://cybersecuritynews.co", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 14, "pulses": [ { "id": "6a12fbc0117778eaba6e378a", "name": "EbeeMay2026 Pt3", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-24T13:23:12.428000", "created": "2026-05-24T13:23:12.428000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "rnuarbvf url", "z5brjsogj789", "da6ah3", "goceqc6sk" ], "references": [], "public": 1, "adversary": "Seedworm, Amadey Botnet, Sorry, Leveraging Rclone, Campaign Abuses Google Tag Manager", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 84, "URL": 63, "CVE": 21, "FileHash-MD5": 204, "FileHash-SHA1": 197, "FileHash-SHA256": 220, "domain": 122, "email": 13, "hostname": 99 }, "indicator_count": 1023, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0b3a8963949e3e75615390", "name": "Device Code Phishing Attacks Targeting Microsoft 365 Accounts", "description": "A full list of key data, compiled by the University of Glasgow, has been released.. and will appear on the BBC News website at 21:00 BST on Friday, 16 May 2026", "modified": "2026-05-18T16:12:57.537000", "created": "2026-05-18T16:12:57.537000", "tags": [ "https", "ctia type", "date", "time" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "domain": 6, "hostname": 1 }, "indicator_count": 8, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "12 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69570afa40240f8a830cfb96", "name": "Magecart Attack Hijacks Payment Card and Account Creation Data", "description": "A large-scale web skimming operation was observed targeting online\nshoppers and account holders in a large scale across the internet. Over 50\nmalicious scripts often disguised as legitimate code was used to intercept\nsensitive information during checkout and account creation processes.", "modified": "2026-01-02T00:02:02.940000", "created": "2026-01-02T00:02:02.940000", "tags": [ "jquery", "bootstrap", "htojar", "claritycrown", "opencart", "analyticsdn", "hotanalytic", "stupify", "staticsinfo" ], "references": [ "December 02nd, 2026 - CryptoGen Cyber Threat Intelligence Advisory #8841 - Magecart Attack Hijacks Checkout and Account Creation Data.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 16, "URL": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "149 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "692d7519544b62e86aa47157", "name": "EbeeNov2025 Pt5", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2025-12-31T10:00:16.038000", "created": "2025-12-01T10:59:37.970000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "filepath", "cve20243721 cve", "cve20131599 cve", "cve20143206 cve", "cve20179841 cve", "cve20199082 cve", "cve20208958 cve" ], "references": [ "Book1.csv" ], "public": 1, "adversary": "APT24, Autumn Dragon, Operation DreamJob, Water Gamayun, Shai-Hulud Campaign Infecting Macs via Face", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54, "CVE": 35, "FileHash-MD5": 221, "FileHash-SHA1": 188, "FileHash-SHA256": 232, "domain": 150, "email": 1, "hostname": 40 }, "indicator_count": 921, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "150 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69258ec9f2e8abc71efb55e6", "name": "Fake Windows Update Screens Used by ClickFix to Deliver Steganographic Malware", "description": "New wave of clickFix attacks is identified to abuse highly realistic fake Windows\n Update screens and PNG image steganography to secretly deploy info stealing\n malware.", "modified": "2025-12-25T11:00:36.098000", "created": "2025-11-25T11:11:05.181000", "tags": [], "references": [ "November 25th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8637 - Fake Windows Update Screens Used by ClickFix to Deliver Steganographic Malware.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 19, "domain": 23 }, "indicator_count": 42, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "156 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68fe0b464c16859b29c5a467", "name": "Caminho Malware Conceals Payloads Within Image Files", "description": "Sophisticated malware operation has emerged from Brazil which leverages\nadvanced steganographic techniques to hide malicious payloads within seemingly\nharmless image files.", "modified": "2025-11-25T11:01:31.826000", "created": "2025-10-26T11:51:34.654000", "tags": [ "https", "hashes", "urls", "update", "siem", "iocs", "conduct", "domains" ], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 23, "URL": 2, "domain": 4 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "186 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68db2f8bb9b536706e266dc9", "name": "Acreed Info Stealer Targets Browser Credentials and Crypto Wallets", "description": "Acreed is a lean and stealthy infostealer distributed alongside log packages by the actor \u201cNuez\u201d.", "modified": "2025-10-30T01:02:32.611000", "created": "2025-09-30T01:16:59.991000", "tags": [], "references": [ "September 30th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8257- Acreed Info Stealer Targets Browser Credentials and Crypto Wallets .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 17, "URL": 2, "domain": 5, "hostname": 11 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "213 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b37d0c24f2b7d302f77698", "name": "New TAOTH Campaign Exploits End-of-Support Software to Distribute Malware", "description": "Recently identified campaign dubbed as TAOTH leverages end-of-support software to deliver malware through a legitimate input method editor (IME) application called \u201cSogou Zhuyin\u201d.", "modified": "2025-09-29T22:06:09.827000", "created": "2025-08-30T22:37:00.488000", "tags": [ "hash", "sha256", "domains", "ip addresses", "mitigation", "keep", "update siem", "iocs", "conduct", "urls" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 17, "URL": 2, "domain": 2, "hostname": 6 }, "indicator_count": 39, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "243 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6893feb754758584ecadc60c", "name": "ClickTok Malware Campaign Targets TikTok Shop Users Worldwide", "description": "A new malware campaign dubbed \"ClickTok\" has emerged as a significant threat to TikTok Shop users worldwide which over 10,000 malicious domains identified.", "modified": "2025-09-06T01:01:15.842000", "created": "2025-08-07T01:17:43.912000", "tags": [ "https", "hashes", "update", "siem", "iocs", "conduct", "urls" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 56, "FileHash-SHA1": 36, "FileHash-SHA256": 36, "URL": 6, "domain": 6, "hostname": 21 }, "indicator_count": 161, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "267 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b102c406ea182dcf3570a1", "name": "ShadowSilk Leveraging Penetration Testing to Attack Organizations", "description": "ShadowSilk is a sophisticated threat cluster targeting government organizations\nacross central Asia and broader APAC region.", "modified": "2025-08-29T01:30:44.349000", "created": "2025-08-29T01:30:44.349000", "tags": [ "update", "siem", "iocs", "conduct", "hashes" ], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 28, "URL": 3, "domain": 6, "hostname": 11 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "275 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "683906b0a28051dc93470a99", "name": "Interlock Ransomware Threatens Corporate Networks via NodeSnake RAT", "description": "A full list of key findings from a study by the University of California, Berkeley, and the International Institute of Strategic Studies (IISS), published on 1 April 2017:. (Noon):", "modified": "2025-06-29T01:03:13.228000", "created": "2025-05-30T01:15:28.763000", "tags": [ "hashes", "domain", "sha1", "sha256", "ip mitigation", "strategies", "conduct", "keep antivirus", "update siem", "iocs" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 5, "URL": 1, "domain": 3, "hostname": 9 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "336 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6818fb9a89b821c4c7636049", "name": "Shuckworm Deploys GammaSteel Malware in Advanced Cyber Espionage Campaign", "description": "The Shuckworm group also known as Gamaredon or Armageddon has intensified its cyber espionage efforts focusing on Ukraine and extending its attacks to a Western military mission in Eastern Europe.", "modified": "2025-06-04T17:05:34.134000", "created": "2025-05-05T17:55:38.024000", "tags": [ "update", "siem", "iocs", "conduct", "hashes", "sha256", "ctia type", "date", "april", "time" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 1, "domain": 1, "hostname": 40 }, "indicator_count": 44, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "360 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ef237e2f35b330c2ab021c", "name": "Hackers Use WRECKSTEEL to Steal Information from Computers", "description": "Ukrainian government agencies are facing targeted cyberattacks which are gained\nby threat actor named UAC-0219 using information stealer WRECKSTEEL.", "modified": "2025-05-04T00:01:23.300000", "created": "2025-04-04T00:10:38.961000", "tags": [ "keep", "update siem", "iocs", "conduct", "https", "hxxp", "ctia type", "date", "april", "time" ], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 1, "FileHash-SHA256": 24, "URL": 26, "domain": 10, "hostname": 1 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "392 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67da1922c6176ae1dda3f448", "name": "ClearFake Leverages Fake reCAPTCHA to Deliver Malicious PowerShell Codes", "description": "ClearFake which is a malicious JavaScript framework, leverages fake\nreCAPTCHA to trick users to deliver malicious PowerShell codes.", "modified": "2025-04-18T01:04:02.425000", "created": "2025-03-19T01:08:50.730000", "tags": [ "iocs", "conduct", "https", "urls", "update", "siem", "strategies", "update siem" ], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 32, "domain": 7, "hostname": 11 }, "indicator_count": 50, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "408 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "November 25th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8637 - Fake Windows Update Screens Used by ClickFix to Deliver Steganographic Malware.pdf", "Book1.csv", "December 02nd, 2026 - CryptoGen Cyber Threat Intelligence Advisory #8841 - Magecart Attack Hijacks Checkout and Account Creation Data.pdf", "September 30th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8257- Acreed Info Stealer Targets Browser Credentials and Crypto Wallets .pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "CryptoGen Cyber Threat Intelligence Advisory", "APT24, Autumn Dragon, Operation DreamJob, Water Gamayun, Shai-Hulud Campaign Infecting Macs via Face", "Seedworm, Amadey Botnet, Sorry, Leveraging Rclone, Campaign Abuses Google Tag Manager" ], "malware_families": [], "industries": [], "unique_indicators": 2584 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/cybersecuritynews.co", "whois": "http://whois.domaintools.com/cybersecuritynews.co", "domain": "cybersecuritynews.co", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 14, "pulses": [ { "id": "6a12fbc0117778eaba6e378a", "name": "EbeeMay2026 Pt3", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-24T13:23:12.428000", "created": "2026-05-24T13:23:12.428000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "rnuarbvf url", "z5brjsogj789", "da6ah3", "goceqc6sk" ], "references": [], "public": 1, "adversary": "Seedworm, Amadey Botnet, Sorry, Leveraging Rclone, Campaign Abuses Google Tag Manager", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 84, "URL": 63, "CVE": 21, "FileHash-MD5": 204, "FileHash-SHA1": 197, "FileHash-SHA256": 220, "domain": 122, "email": 13, "hostname": 99 }, "indicator_count": 1023, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0b3a8963949e3e75615390", "name": "Device Code Phishing Attacks Targeting Microsoft 365 Accounts", "description": "A full list of key data, compiled by the University of Glasgow, has been released.. and will appear on the BBC News website at 21:00 BST on Friday, 16 May 2026", "modified": "2026-05-18T16:12:57.537000", "created": "2026-05-18T16:12:57.537000", "tags": [ "https", "ctia type", "date", "time" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "domain": 6, "hostname": 1 }, "indicator_count": 8, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "12 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69570afa40240f8a830cfb96", "name": "Magecart Attack Hijacks Payment Card and Account Creation Data", "description": "A large-scale web skimming operation was observed targeting online\nshoppers and account holders in a large scale across the internet. Over 50\nmalicious scripts often disguised as legitimate code was used to intercept\nsensitive information during checkout and account creation processes.", "modified": "2026-01-02T00:02:02.940000", "created": "2026-01-02T00:02:02.940000", "tags": [ "jquery", "bootstrap", "htojar", "claritycrown", "opencart", "analyticsdn", "hotanalytic", "stupify", "staticsinfo" ], "references": [ "December 02nd, 2026 - CryptoGen Cyber Threat Intelligence Advisory #8841 - Magecart Attack Hijacks Checkout and Account Creation Data.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 16, "URL": 1 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "149 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "692d7519544b62e86aa47157", "name": "EbeeNov2025 Pt5", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2025-12-31T10:00:16.038000", "created": "2025-12-01T10:59:37.970000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "filepath", "cve20243721 cve", "cve20131599 cve", "cve20143206 cve", "cve20179841 cve", "cve20199082 cve", "cve20208958 cve" ], "references": [ "Book1.csv" ], "public": 1, "adversary": "APT24, Autumn Dragon, Operation DreamJob, Water Gamayun, Shai-Hulud Campaign Infecting Macs via Face", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54, "CVE": 35, "FileHash-MD5": 221, "FileHash-SHA1": 188, "FileHash-SHA256": 232, "domain": 150, "email": 1, "hostname": 40 }, "indicator_count": 921, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "150 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69258ec9f2e8abc71efb55e6", "name": "Fake Windows Update Screens Used by ClickFix to Deliver Steganographic Malware", "description": "New wave of clickFix attacks is identified to abuse highly realistic fake Windows\n Update screens and PNG image steganography to secretly deploy info stealing\n malware.", "modified": "2025-12-25T11:00:36.098000", "created": "2025-11-25T11:11:05.181000", "tags": [], "references": [ "November 25th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8637 - Fake Windows Update Screens Used by ClickFix to Deliver Steganographic Malware.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 19, "domain": 23 }, "indicator_count": 42, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "156 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68fe0b464c16859b29c5a467", "name": "Caminho Malware Conceals Payloads Within Image Files", "description": "Sophisticated malware operation has emerged from Brazil which leverages\nadvanced steganographic techniques to hide malicious payloads within seemingly\nharmless image files.", "modified": "2025-11-25T11:01:31.826000", "created": "2025-10-26T11:51:34.654000", "tags": [ "https", "hashes", "urls", "update", "siem", "iocs", "conduct", "domains" ], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 23, "URL": 2, "domain": 4 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "186 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68db2f8bb9b536706e266dc9", "name": "Acreed Info Stealer Targets Browser Credentials and Crypto Wallets", "description": "Acreed is a lean and stealthy infostealer distributed alongside log packages by the actor \u201cNuez\u201d.", "modified": "2025-10-30T01:02:32.611000", "created": "2025-09-30T01:16:59.991000", "tags": [], "references": [ "September 30th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8257- Acreed Info Stealer Targets Browser Credentials and Crypto Wallets .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 17, "URL": 2, "domain": 5, "hostname": 11 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "213 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b37d0c24f2b7d302f77698", "name": "New TAOTH Campaign Exploits End-of-Support Software to Distribute Malware", "description": "Recently identified campaign dubbed as TAOTH leverages end-of-support software to deliver malware through a legitimate input method editor (IME) application called \u201cSogou Zhuyin\u201d.", "modified": "2025-09-29T22:06:09.827000", "created": "2025-08-30T22:37:00.488000", "tags": [ "hash", "sha256", "domains", "ip addresses", "mitigation", "keep", "update siem", "iocs", "conduct", "urls" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 17, "URL": 2, "domain": 2, "hostname": 6 }, "indicator_count": 39, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "243 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6893feb754758584ecadc60c", "name": "ClickTok Malware Campaign Targets TikTok Shop Users Worldwide", "description": "A new malware campaign dubbed \"ClickTok\" has emerged as a significant threat to TikTok Shop users worldwide which over 10,000 malicious domains identified.", "modified": "2025-09-06T01:01:15.842000", "created": "2025-08-07T01:17:43.912000", "tags": [ "https", "hashes", "update", "siem", "iocs", "conduct", "urls" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 56, "FileHash-SHA1": 36, "FileHash-SHA256": 36, "URL": 6, "domain": 6, "hostname": 21 }, "indicator_count": 161, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "267 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68b102c406ea182dcf3570a1", "name": "ShadowSilk Leveraging Penetration Testing to Attack Organizations", "description": "ShadowSilk is a sophisticated threat cluster targeting government organizations\nacross central Asia and broader APAC region.", "modified": "2025-08-29T01:30:44.349000", "created": "2025-08-29T01:30:44.349000", "tags": [ "update", "siem", "iocs", "conduct", "hashes" ], "references": [], "public": 1, "adversary": "CryptoGen Cyber Threat Intelligence Advisory", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 28, "URL": 3, "domain": 6, "hostname": 11 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "275 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://cybersecuritynews.co", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://cybersecuritynews.co", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780206575.957332 }