{ "type": "URL", "indicator": "https://evilginx.redpacketsecurity.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://evilginx.redpacketsecurity.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4158769662, "indicator": "https://evilginx.redpacketsecurity.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6935d7d4979c94d296e4b033", "name": "New Exploits | CVE\u2019s | 12.07.2025", "description": "", "modified": "2026-01-06T00:03:32.099000", "created": "2025-12-07T19:39:00.258000", "tags": [], "references": [ "Phishing: https://www.redpacketsecurity.com/coinbasecartel-ransomware-victim-cinvestav/", "https://www.redpacketsecurity.com/cve-alert-cve-2025-59230-microsoft-windows-10-version-1809/", "https://www.redpacketsecurity.com/cve_alert_cve-2024-12847/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-4135/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-4140/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-4142/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-45492/", "https://www.redpacketsecurity.com/firefox-0day-cve-2015-4495/" ], "public": 1, "adversary": "Coinbase Cartel", "targeted_countries": [ "United States of America", "Bangladesh", "Sweden", "Japan" ], "malware_families": [ { "id": "Exploit:Linux/CVE-2017-17215", "display_name": "Exploit:Linux/CVE-2017-17215", "target": "/malware/Exploit:Linux/CVE-2017-17215" }, { "id": "Exploit:JS/CVE-2014-0322", "display_name": "Exploit:JS/CVE-2014-0322", "target": "/malware/Exploit:JS/CVE-2014-0322" }, { "id": "CVE-2015-4495", "display_name": "CVE-2015-4495", "target": null }, { "id": "CVE-2024-12847", "display_name": "CVE-2024-12847", "target": null }, { "id": "CVE-2025-11727", "display_name": "CVE-2025-11727", "target": null }, { "id": "CVE-2025-4135", "display_name": "CVE-2025-4135", "target": null }, { "id": "CVE-2025-4140", "display_name": "CVE-2025-4140", "target": null }, { "id": "CVE-2025-4142", "display_name": "CVE-2025-4142", "target": null }, { "id": "CVE-2025-45492", "display_name": "CVE-2025-45492", "target": null }, { "id": "CVE-2025-59230", "display_name": "CVE-2025-59230", "target": null } ], "attack_ids": [ { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1482", "name": "Domain Trust Discovery", "display_name": "T1482 - Domain Trust Discovery" } ], "industries": [ "Education" ], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 523, "CVE": 10, "domain": 44, "hostname": 149, "FileHash-MD5": 30, "FileHash-SHA1": 21, "FileHash-SHA256": 133 }, "indicator_count": 910, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "103 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6935ef5c19e35c43e6908694", "name": "COINBASE CARTEL - RedPacketSecurity[.]com \u2022 CVE BANK", "description": "Based on information gathered ; researchers have attempted to warned (Netgear. / Targets) early. Exploits a CVE Bank under DGA domain name : Red Packet Security [.] com.\n\nContact information redacted. Other information shows a Tijuana , Mexico Address . Contact name is a Mexican / Hispanic Forename & Surname . Accuracy unknown. Not including in references.\n\nHas explored for sum time using different DGA\u2019s. One reference from an informative , three year old Pulse ( by blokchanz ) included in references.", "modified": "2026-01-06T00:03:32.099000", "created": "2025-12-07T21:19:24.529000", "tags": [ "active", "cve", "critical", "phishing", "trojan", "ransomware", "buffer overflow", "file corruption", "meta", "form", "cloudflare", "cve bank", "mimick kimsuky", "target", "netgear", "apt73", "motion capture", "red packet", "security", "mexico", "united states", "dga", "contacted by researchers", "exploits", "remote", "manipulation", "tijuana" ], "references": [ "Relationship by blokchanz -> https://otx.alienvault.com/pulse/63819ac31fc0ad0b85e90f9f" ], "public": 1, "adversary": "COINBASE CARTEL", "targeted_countries": [ "United States of America", "Bangladesh", "Sweden", "Korea, Republic of", "Japan" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Institutions" ], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 103, "FileHash-MD5": 25, "FileHash-SHA1": 16, "FileHash-SHA256": 14, "CVE": 12, "domain": 4, "hostname": 12, "email": 1 }, "indicator_count": 187, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "103 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.redpacketsecurity.com/cve_alert_cve-2025-4135/", "https://www.redpacketsecurity.com/cve_alert_cve-2024-12847/", "https://www.redpacketsecurity.com/cve-alert-cve-2025-59230-microsoft-windows-10-version-1809/", "https://www.redpacketsecurity.com/firefox-0day-cve-2015-4495/", "Relationship by blokchanz -> https://otx.alienvault.com/pulse/63819ac31fc0ad0b85e90f9f", "Phishing: https://www.redpacketsecurity.com/coinbasecartel-ransomware-victim-cinvestav/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-45492/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-4140/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-4142/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "COINBASE CARTEL", "Coinbase Cartel" ], "malware_families": [ "Exploit:linux/cve-2017-17215", "Cve-2025-45492", "Cve-2025-4135", "Cve-2024-12847", "Cve-2025-4140", "Cve-2025-4142", "Cve-2025-11727", "Cve-2015-4495", "Cve-2025-59230", "Exploit:js/cve-2014-0322" ], "industries": [ "Education", "Institutions" ], "unique_indicators": 1053 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/redpacketsecurity.com", "whois": "http://whois.domaintools.com/redpacketsecurity.com", "domain": "redpacketsecurity.com", "hostname": "evilginx.redpacketsecurity.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6935d7d4979c94d296e4b033", "name": "New Exploits | CVE\u2019s | 12.07.2025", "description": "", "modified": "2026-01-06T00:03:32.099000", "created": "2025-12-07T19:39:00.258000", "tags": [], "references": [ "Phishing: https://www.redpacketsecurity.com/coinbasecartel-ransomware-victim-cinvestav/", "https://www.redpacketsecurity.com/cve-alert-cve-2025-59230-microsoft-windows-10-version-1809/", "https://www.redpacketsecurity.com/cve_alert_cve-2024-12847/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-4135/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-4140/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-4142/", "https://www.redpacketsecurity.com/cve_alert_cve-2025-45492/", "https://www.redpacketsecurity.com/firefox-0day-cve-2015-4495/" ], "public": 1, "adversary": "Coinbase Cartel", "targeted_countries": [ "United States of America", "Bangladesh", "Sweden", "Japan" ], "malware_families": [ { "id": "Exploit:Linux/CVE-2017-17215", "display_name": "Exploit:Linux/CVE-2017-17215", "target": "/malware/Exploit:Linux/CVE-2017-17215" }, { "id": "Exploit:JS/CVE-2014-0322", "display_name": "Exploit:JS/CVE-2014-0322", "target": "/malware/Exploit:JS/CVE-2014-0322" }, { "id": "CVE-2015-4495", "display_name": "CVE-2015-4495", "target": null }, { "id": "CVE-2024-12847", "display_name": "CVE-2024-12847", "target": null }, { "id": "CVE-2025-11727", "display_name": "CVE-2025-11727", "target": null }, { "id": "CVE-2025-4135", "display_name": "CVE-2025-4135", "target": null }, { "id": "CVE-2025-4140", "display_name": "CVE-2025-4140", "target": null }, { "id": "CVE-2025-4142", "display_name": "CVE-2025-4142", "target": null }, { "id": "CVE-2025-45492", "display_name": "CVE-2025-45492", "target": null }, { "id": "CVE-2025-59230", "display_name": "CVE-2025-59230", "target": null } ], "attack_ids": [ { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1482", "name": "Domain Trust Discovery", "display_name": "T1482 - Domain Trust Discovery" } ], "industries": [ "Education" ], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 523, "CVE": 10, "domain": 44, "hostname": 149, "FileHash-MD5": 30, "FileHash-SHA1": 21, "FileHash-SHA256": 133 }, "indicator_count": 910, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "103 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6935ef5c19e35c43e6908694", "name": "COINBASE CARTEL - RedPacketSecurity[.]com \u2022 CVE BANK", "description": "Based on information gathered ; researchers have attempted to warned (Netgear. / Targets) early. Exploits a CVE Bank under DGA domain name : Red Packet Security [.] com.\n\nContact information redacted. Other information shows a Tijuana , Mexico Address . Contact name is a Mexican / Hispanic Forename & Surname . Accuracy unknown. Not including in references.\n\nHas explored for sum time using different DGA\u2019s. One reference from an informative , three year old Pulse ( by blokchanz ) included in references.", "modified": "2026-01-06T00:03:32.099000", "created": "2025-12-07T21:19:24.529000", "tags": [ "active", "cve", "critical", "phishing", "trojan", "ransomware", "buffer overflow", "file corruption", "meta", "form", "cloudflare", "cve bank", "mimick kimsuky", "target", "netgear", "apt73", "motion capture", "red packet", "security", "mexico", "united states", "dga", "contacted by researchers", "exploits", "remote", "manipulation", "tijuana" ], "references": [ "Relationship by blokchanz -> https://otx.alienvault.com/pulse/63819ac31fc0ad0b85e90f9f" ], "public": 1, "adversary": "COINBASE CARTEL", "targeted_countries": [ "United States of America", "Bangladesh", "Sweden", "Korea, Republic of", "Japan" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Institutions" ], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 103, "FileHash-MD5": 25, "FileHash-SHA1": 16, "FileHash-SHA256": 14, "CVE": 12, "domain": 4, "hostname": 12, "email": 1 }, "indicator_count": 187, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "103 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://evilginx.redpacketsecurity.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://evilginx.redpacketsecurity.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776638273.2614975 }