{ "type": "URL", "indicator": "https://virusblocker.it.com/11E6C6611E6C66", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://virusblocker.it.com/11E6C6611E6C66", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4358839889, "indicator": "https://virusblocker.it.com/11E6C6611E6C66", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "6a0dc186d876adf657cd59bc", "name": "Botnet_C2 | May 21, 2026", "description": "Botnet_C2 indicators. Date: May 21, 2026. Total: 1450 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-20T14:13:26.141000", "created": "2026-05-20T14:13:26.141000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "domain": 91, "hostname": 103, "URL": 122 }, "indicator_count": 321, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0c7064a0fb569bec85f393", "name": "Botnet_C2 | May 20, 2026", "description": "Botnet_C2 indicators. Date: May 20, 2026. Total: 1572 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-19T14:15:00.785000", "created": "2026-05-19T14:15:00.785000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "hostname": 110, "URL": 131, "domain": 106 }, "indicator_count": 352, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0b1ea5176db73afd03be92", "name": "Botnet_C2 | May 19, 2026", "description": "Botnet_C2 indicators. Date: May 19, 2026. Total: 1536 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-18T14:13:57.759000", "created": "2026-05-18T14:13:57.759000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "hostname": 164, "URL": 126, "domain": 100 }, "indicator_count": 395, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "12 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a09ccf25cc07a878047c587", "name": "Botnet_C2 | May 18, 2026", "description": "Botnet_C2 indicators. Date: May 18, 2026. Total: 1498 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-17T14:13:06.822000", "created": "2026-05-17T14:13:06.822000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "domain": 91, "hostname": 167, "URL": 110 }, "indicator_count": 373, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "13 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a087b722fa404577f1e5595", "name": "Botnet_C2 | May 17, 2026", "description": "Botnet_C2 indicators. Date: May 17, 2026. Total: 1324 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-16T14:13:06.540000", "created": "2026-05-16T14:13:06.540000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "URL": 109, "hostname": 167, "domain": 97 }, "indicator_count": 378, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "14 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a072a0676dcfed7790c60ab", "name": "Botnet_C2 | May 16, 2026", "description": "Botnet_C2 indicators. Date: May 16, 2026. Total: 1275 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-15T14:13:26.156000", "created": "2026-05-15T14:13:26.156000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "domain": 106, "hostname": 168, "URL": 103 }, "indicator_count": 382, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "15 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a05d87e1a72136955395ca3", "name": "Botnet_C2 | May 15, 2026", "description": "Botnet_C2 indicators. Date: May 15, 2026. Total: 1254 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-14T14:13:18.368000", "created": "2026-05-14T14:13:18.368000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "domain": 114, "hostname": 159, "URL": 111 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a05771e399f16e575ebfd9a", "name": "FamousSparrow APT Targets Azerbaijani Oil and Gas Industry", "description": "Bitdefender Labs tracked a sophisticated cyber intrusion against an Azerbaijani oil and gas company conducted by the Chinese APT group FamousSparrow. This multi-wave operation, which spanned from late December 2025 through late February 2026, showcased advanced attack techniques particularly focused on exploiting energy infrastructure in the South Caucasus, an area increasingly recognized for its geopolitical importance following significant changes in European energy supply dynamics.", "modified": "2026-05-14T07:17:50.707000", "created": "2026-05-14T07:17:50.707000", "tags": [ "deed rat", "dll sideloading", "mofu loader", "deflate", "logmein hamachi", "famoussparrow", "terndoor", "cisco talos", "defender action", "south caucasus", "february", "wave", "impacket", "defense evasion", "shellcode", "malware", "config", "prior", "magic", "shell", "service", "format", "dword", "install", "inject", "powershell", "cobalt strike", "psexec", "tools", "initial access", "smbexec", "earth estries", "pe", "deed", "iis web", "terndoor kernel", "first wave", "encrypted deed", "rat payload", "hamachinet", "rat https" ], "references": [ "https://www.bitdefender.com/en-us/blog/businessinsights/famoussparrow-apt-targets-azerbaijani-oil-gas-industry" ], "public": 1, "adversary": "FamousSparrow", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Energy", "Oil And Gas", "Telecoms", "Government", "Technology" ], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 5, "FileHash-MD5": 3, "domain": 1, "URL": 3 }, "indicator_count": 12, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://ltna.com.au/cyber", "https://www.bitdefender.com/en-us/blog/businessinsights/famoussparrow-apt-targets-azerbaijani-oil-gas-industry" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "FamousSparrow" ], "malware_families": [], "industries": [ "Oil and gas", "Telecoms", "Technology", "Government", "Energy" ], "unique_indicators": 660 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/it.com", "whois": "http://whois.domaintools.com/it.com", "domain": "it.com", "hostname": "virusblocker.it.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "6a0dc186d876adf657cd59bc", "name": "Botnet_C2 | May 21, 2026", "description": "Botnet_C2 indicators. Date: May 21, 2026. Total: 1450 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-20T14:13:26.141000", "created": "2026-05-20T14:13:26.141000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "domain": 91, "hostname": 103, "URL": 122 }, "indicator_count": 321, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0c7064a0fb569bec85f393", "name": "Botnet_C2 | May 20, 2026", "description": "Botnet_C2 indicators. Date: May 20, 2026. Total: 1572 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-19T14:15:00.785000", "created": "2026-05-19T14:15:00.785000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "hostname": 110, "URL": 131, "domain": 106 }, "indicator_count": 352, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0b1ea5176db73afd03be92", "name": "Botnet_C2 | May 19, 2026", "description": "Botnet_C2 indicators. Date: May 19, 2026. Total: 1536 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-18T14:13:57.759000", "created": "2026-05-18T14:13:57.759000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "hostname": 164, "URL": 126, "domain": 100 }, "indicator_count": 395, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "12 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a09ccf25cc07a878047c587", "name": "Botnet_C2 | May 18, 2026", "description": "Botnet_C2 indicators. Date: May 18, 2026. Total: 1498 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-17T14:13:06.822000", "created": "2026-05-17T14:13:06.822000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "domain": 91, "hostname": 167, "URL": 110 }, "indicator_count": 373, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "13 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a087b722fa404577f1e5595", "name": "Botnet_C2 | May 17, 2026", "description": "Botnet_C2 indicators. Date: May 17, 2026. Total: 1324 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-16T14:13:06.540000", "created": "2026-05-16T14:13:06.540000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "URL": 109, "hostname": 167, "domain": 97 }, "indicator_count": 378, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "14 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a072a0676dcfed7790c60ab", "name": "Botnet_C2 | May 16, 2026", "description": "Botnet_C2 indicators. Date: May 16, 2026. Total: 1275 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-15T14:13:26.156000", "created": "2026-05-15T14:13:26.156000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "domain": 106, "hostname": 168, "URL": 103 }, "indicator_count": 382, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "15 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a05d87e1a72136955395ca3", "name": "Botnet_C2 | May 15, 2026", "description": "Botnet_C2 indicators. Date: May 15, 2026. Total: 1254 indicators. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-14T14:13:18.368000", "created": "2026-05-14T14:13:18.368000", "tags": [ "botnet_c2" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 5, "domain": 114, "hostname": 159, "URL": 111 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a05771e399f16e575ebfd9a", "name": "FamousSparrow APT Targets Azerbaijani Oil and Gas Industry", "description": "Bitdefender Labs tracked a sophisticated cyber intrusion against an Azerbaijani oil and gas company conducted by the Chinese APT group FamousSparrow. This multi-wave operation, which spanned from late December 2025 through late February 2026, showcased advanced attack techniques particularly focused on exploiting energy infrastructure in the South Caucasus, an area increasingly recognized for its geopolitical importance following significant changes in European energy supply dynamics.", "modified": "2026-05-14T07:17:50.707000", "created": "2026-05-14T07:17:50.707000", "tags": [ "deed rat", "dll sideloading", "mofu loader", "deflate", "logmein hamachi", "famoussparrow", "terndoor", "cisco talos", "defender action", "south caucasus", "february", "wave", "impacket", "defense evasion", "shellcode", "malware", "config", "prior", "magic", "shell", "service", "format", "dword", "install", "inject", "powershell", "cobalt strike", "psexec", "tools", "initial access", "smbexec", "earth estries", "pe", "deed", "iis web", "terndoor kernel", "first wave", "encrypted deed", "rat payload", "hamachinet", "rat https" ], "references": [ "https://www.bitdefender.com/en-us/blog/businessinsights/famoussparrow-apt-targets-azerbaijani-oil-gas-industry" ], "public": 1, "adversary": "FamousSparrow", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Energy", "Oil And Gas", "Telecoms", "Government", "Technology" ], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 5, "FileHash-MD5": 3, "domain": 1, "URL": 3 }, "indicator_count": 12, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://virusblocker.it.com/11E6C6611E6C66", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://virusblocker.it.com/11E6C6611E6C66", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780185429.692929 }