{ "type": "URL", "indicator": "https://literaturaelsalvador.com/Instructions.html", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://literaturaelsalvador.com/Instructions.html", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3638443132, "indicator": "https://literaturaelsalvador.com/Instructions.html", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "64160883fe275bce4bb6b07f", "name": "NOBELIUM Uses Poland's Ambassador\u2019s Visit to the U.S. to Target EU Governments Assisting Ukraine", "description": "BlackBerry researchers have observed a new campaign by the Russian state-sponsored threat group, known as APT29, targeting European Union countries and their diplomatic systems, including that of Poland's ambassador to the United States.", "modified": "2023-04-17T18:01:57.645000", "created": "2023-03-18T18:52:50.130000", "tags": [ "APT29", "Nobelium", "BugSplatRc64", "trojan", "phishing", "Cozy Bell" ], "references": [ "https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine" ], "public": 1, "adversary": "Nobelium", "targeted_countries": [ "United States of America", "Poland", "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" } ], "industries": [ "Telecommunications", "Technology", "Military", "Government", "Foreign Affairs" ], "TLP": "white", "cloned_from": null, "export_count": 385, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 8, "FileHash-SHA1": 3, "FileHash-SHA256": 8, "YARA": 1 }, "indicator_count": 22, "is_author": false, "is_subscribing": null, "subscriber_count": 376735, "modified_text": "1093 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "645d78a5627aff337a0ea918", "name": "InQuest - 11-05-2023", "description": "", "modified": "2023-05-11T23:22:13.687000", "created": "2023-05-11T23:22:13.687000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 210, "FileHash-SHA256": 177, "IPv4": 20, "URL": 188, "hostname": 41, "domain": 16, "FileHash-SHA1": 2 }, "indicator_count": 654, "is_author": false, "is_subscribing": null, "subscriber_count": 1599, "modified_text": "1069 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "645c261e8c83c7c88e02bdcd", "name": "InQuest - 10-05-2023", "description": "", "modified": "2023-05-10T23:17:50.185000", "created": "2023-05-10T23:17:50.185000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 211, "FileHash-SHA256": 178, "IPv4": 20, "URL": 188, "hostname": 41, "domain": 16, "FileHash-SHA1": 2 }, "indicator_count": 656, "is_author": false, "is_subscribing": null, "subscriber_count": 1599, "modified_text": "1070 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "645ad7faf859acaa8e183af1", "name": "InQuest - 09-05-2023", "description": "", "modified": "2023-05-09T23:32:10.101000", "created": "2023-05-09T23:32:10.101000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 178, "FileHash-MD5": 211, "IPv4": 20, "URL": 188, "hostname": 41, "domain": 16, "FileHash-SHA1": 2 }, "indicator_count": 656, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1071 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64172e0fb69540f43cf03454", "name": "test", "description": "", "modified": "2023-04-17T18:01:57.645000", "created": "2023-03-19T15:45:19.355000", "tags": [ "APT29", "Nobelium", "BugSplatRc64", "trojan", "phishing", "Cozy Bell" ], "references": [ "https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine" ], "public": 1, "adversary": "Nobelium", "targeted_countries": [ "United States of America", "Poland", "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" } ], "industries": [ "Telecommunications", "Technology", "Military", "Government", "Foreign Affairs" ], "TLP": "white", "cloned_from": "64160883fe275bce4bb6b07f", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "wangweijia", "id": "213262", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 8, "FileHash-SHA1": 3, "FileHash-SHA256": 8, "YARA": 1 }, "indicator_count": 22, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "1093 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64172e10b33b43cf7ad39c85", "name": "test", "description": "", "modified": "2023-04-17T18:01:57.645000", "created": "2023-03-19T15:45:20.419000", "tags": [ "APT29", "Nobelium", "BugSplatRc64", "trojan", "phishing", "Cozy Bell" ], "references": [ "https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine" ], "public": 1, "adversary": "Nobelium", "targeted_countries": [ "United States of America", "Poland", "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" } ], "industries": [ "Telecommunications", "Technology", "Military", "Government", "Foreign Affairs" ], "TLP": "white", "cloned_from": "64160883fe275bce4bb6b07f", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "wangweijia", "id": "213262", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 8, "FileHash-SHA1": 3, "FileHash-SHA256": 8, "YARA": 1 }, "indicator_count": 22, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "1093 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64390a3e6e6d9395d28626e8", "name": "Sophisticated APT29 Campaign Abuses Notion API to Target the European Commission", "description": "", "modified": "2023-04-14T08:09:34.372000", "created": "2023-04-14T08:09:34.372000", "tags": [], "references": [ "https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58" ], "public": 1, "adversary": "APT29", "targeted_countries": [], "malware_families": [ { "id": "GraphicalNeutrino", "display_name": "GraphicalNeutrino", "target": null }, { "id": "EnvyScout", "display_name": "EnvyScout", "target": null } ], "attack_ids": [ { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": "6439067d602fda53fdebef9c", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Y0utHS11", "id": "201713", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 2, "IPv4": 1, "domain": 1 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "1096 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6439067d602fda53fdebef9c", "name": "Sophisticated APT29 Campaign Abuses Notion API to Target the European Commission", "description": "Russian state-sponsored hackers known as APT29 use a popular note-taking application, including Notion, to target the European Commission, according to a new analysis by security firm Kaspersky.", "modified": "2023-04-14T07:53:33.830000", "created": "2023-04-14T07:53:33.830000", "tags": [], "references": [ "https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58" ], "public": 1, "adversary": "APT29", "targeted_countries": [], "malware_families": [ { "id": "GraphicalNeutrino", "display_name": "GraphicalNeutrino", "target": null }, { "id": "EnvyScout", "display_name": "EnvyScout", "target": null } ], "attack_ids": [ { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "s2wlab_talon", "id": "125133", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 2, "IPv4": 1, "domain": 1 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1096 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://labs.inquest.net/iocdb", "https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58", "https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine" ], "related": { "alienvault": { "adversary": [ "Nobelium" ], "malware_families": [], "industries": [ "Government", "Military", "Telecommunications", "Technology", "Foreign affairs" ], "unique_indicators": 23 }, "other": { "adversary": [ "APT29", "Nobelium" ], "malware_families": [ "Envyscout", "Graphicalneutrino" ], "industries": [ "Government", "Military", "Telecommunications", "Technology", "Foreign affairs" ], "unique_indicators": 662 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/literaturaelsalvador.com", "whois": "http://whois.domaintools.com/literaturaelsalvador.com", "domain": "literaturaelsalvador.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "64160883fe275bce4bb6b07f", "name": "NOBELIUM Uses Poland's Ambassador\u2019s Visit to the U.S. to Target EU Governments Assisting Ukraine", "description": "BlackBerry researchers have observed a new campaign by the Russian state-sponsored threat group, known as APT29, targeting European Union countries and their diplomatic systems, including that of Poland's ambassador to the United States.", "modified": "2023-04-17T18:01:57.645000", "created": "2023-03-18T18:52:50.130000", "tags": [ "APT29", "Nobelium", "BugSplatRc64", "trojan", "phishing", "Cozy Bell" ], "references": [ "https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine" ], "public": 1, "adversary": "Nobelium", "targeted_countries": [ "United States of America", "Poland", "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" } ], "industries": [ "Telecommunications", "Technology", "Military", "Government", "Foreign Affairs" ], "TLP": "white", "cloned_from": null, "export_count": 385, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 8, "FileHash-SHA1": 3, "FileHash-SHA256": 8, "YARA": 1 }, "indicator_count": 22, "is_author": false, "is_subscribing": null, "subscriber_count": 376735, "modified_text": "1093 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "645d78a5627aff337a0ea918", "name": "InQuest - 11-05-2023", "description": "", "modified": "2023-05-11T23:22:13.687000", "created": "2023-05-11T23:22:13.687000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 210, "FileHash-SHA256": 177, "IPv4": 20, "URL": 188, "hostname": 41, "domain": 16, "FileHash-SHA1": 2 }, "indicator_count": 654, "is_author": false, "is_subscribing": null, "subscriber_count": 1599, "modified_text": "1069 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "645c261e8c83c7c88e02bdcd", "name": "InQuest - 10-05-2023", "description": "", "modified": "2023-05-10T23:17:50.185000", "created": "2023-05-10T23:17:50.185000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 211, "FileHash-SHA256": 178, "IPv4": 20, "URL": 188, "hostname": 41, "domain": 16, "FileHash-SHA1": 2 }, "indicator_count": 656, "is_author": false, "is_subscribing": null, "subscriber_count": 1599, "modified_text": "1070 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "645ad7faf859acaa8e183af1", "name": "InQuest - 09-05-2023", "description": "", "modified": "2023-05-09T23:32:10.101000", "created": "2023-05-09T23:32:10.101000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 178, "FileHash-MD5": 211, "IPv4": 20, "URL": 188, "hostname": 41, "domain": 16, "FileHash-SHA1": 2 }, "indicator_count": 656, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "1071 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64172e0fb69540f43cf03454", "name": "test", "description": "", "modified": "2023-04-17T18:01:57.645000", "created": "2023-03-19T15:45:19.355000", "tags": [ "APT29", "Nobelium", "BugSplatRc64", "trojan", "phishing", "Cozy Bell" ], "references": [ "https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine" ], "public": 1, "adversary": "Nobelium", "targeted_countries": [ "United States of America", "Poland", "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" } ], "industries": [ "Telecommunications", "Technology", "Military", "Government", "Foreign Affairs" ], "TLP": "white", "cloned_from": "64160883fe275bce4bb6b07f", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "wangweijia", "id": "213262", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 8, "FileHash-SHA1": 3, "FileHash-SHA256": 8, "YARA": 1 }, "indicator_count": 22, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "1093 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64172e10b33b43cf7ad39c85", "name": "test", "description": "", "modified": "2023-04-17T18:01:57.645000", "created": "2023-03-19T15:45:20.419000", "tags": [ "APT29", "Nobelium", "BugSplatRc64", "trojan", "phishing", "Cozy Bell" ], "references": [ "https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine" ], "public": 1, "adversary": "Nobelium", "targeted_countries": [ "United States of America", "Poland", "Ukraine" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" } ], "industries": [ "Telecommunications", "Technology", "Military", "Government", "Foreign Affairs" ], "TLP": "white", "cloned_from": "64160883fe275bce4bb6b07f", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "wangweijia", "id": "213262", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 8, "FileHash-SHA1": 3, "FileHash-SHA256": 8, "YARA": 1 }, "indicator_count": 22, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "1093 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64390a3e6e6d9395d28626e8", "name": "Sophisticated APT29 Campaign Abuses Notion API to Target the European Commission", "description": "", "modified": "2023-04-14T08:09:34.372000", "created": "2023-04-14T08:09:34.372000", "tags": [], "references": [ "https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58" ], "public": 1, "adversary": "APT29", "targeted_countries": [], "malware_families": [ { "id": "GraphicalNeutrino", "display_name": "GraphicalNeutrino", "target": null }, { "id": "EnvyScout", "display_name": "EnvyScout", "target": null } ], "attack_ids": [ { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": "6439067d602fda53fdebef9c", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Y0utHS11", "id": "201713", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 2, "IPv4": 1, "domain": 1 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 45, "modified_text": "1096 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6439067d602fda53fdebef9c", "name": "Sophisticated APT29 Campaign Abuses Notion API to Target the European Commission", "description": "Russian state-sponsored hackers known as APT29 use a popular note-taking application, including Notion, to target the European Commission, according to a new analysis by security firm Kaspersky.", "modified": "2023-04-14T07:53:33.830000", "created": "2023-04-14T07:53:33.830000", "tags": [], "references": [ "https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58" ], "public": 1, "adversary": "APT29", "targeted_countries": [], "malware_families": [ { "id": "GraphicalNeutrino", "display_name": "GraphicalNeutrino", "target": null }, { "id": "EnvyScout", "display_name": "EnvyScout", "target": null } ], "attack_ids": [ { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1547.001", "name": "Registry Run Keys / Startup Folder", "display_name": "T1547.001 - Registry Run Keys / Startup Folder" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "s2wlab_talon", "id": "125133", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 2, "IPv4": 1, "domain": 1 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1096 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://literaturaelsalvador.com/Instructions.html", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://literaturaelsalvador.com/Instructions.html", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776228557.664202 }