{ "type": "URL", "indicator": "https://www.secondwrite.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.secondwrite.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3494773941, "indicator": "https://www.secondwrite.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 42, "pulses": [ { "id": "69b95273abb52a5ec0fd0754", "name": "Threat Intel Report - W07-2026", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2026-04-16T13:37:13.951000", "created": "2026-03-17T13:09:07.099000", "tags": [ "mozi", "clearfake", "remcosrat", "microsoft", "week", "windows", "italy", "bangladesh", "iocs", "cobaltstrike", "dcrat", "february", "coinminer", "smoke loader", "agent tesla", "lumma stealer", "malware", "date", "quasarrat", "vidar", "telegram", "steam", "restart", "bitcoin", "shinyhunters", "python", "soar", "threat", "tesla", "ninja browser", "lumma" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "Threat", "targeted_countries": [ "Canada" ], "malware_families": [ { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "ShinyHunters", "display_name": "ShinyHunters", "target": null }, { "id": "Ninja Browser", "display_name": "Ninja Browser", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 457, "FileHash-MD5": 40, "FileHash-SHA1": 41, "FileHash-SHA256": 58, "CVE": 4, "domain": 26, "hostname": 81 }, "indicator_count": 707, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68c7ca350c27d4818d54bf62", "name": "Threat Intel Report - W34-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-10-15T09:53:41.327000", "created": "2025-09-15T08:11:33.621000", "tags": [ "mozi", "microsoft", "grouped", "windows", "week", "group", "coinminer", "iocs", "august", "compromise", "agent tesla", "malware", "sliver", "amadey", "tycoon", "quasar", "service", "lumma", "tesla", "qilin" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "India", "Russian Federation" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [ "Cryptocurrency", "Government", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 52, "URL": 264, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 60 }, "indicator_count": 419, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "186 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68a2ee2d7d72510c53fe83f4", "name": "Threat Intel Report - W32-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-09-17T09:03:35.910000", "created": "2025-08-18T09:11:09.011000", "tags": [ "mozi", "microsoft", "week", "google", "iocs", "sonicwall", "grouped", "compromise", "cvss", "cvss base", "android", "agent tesla", "asyncrat", "remcos", "ruby", "august", "malware", "date", "telegram", "ransomhub", "malicious" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 66, "hostname": 78, "URL": 207, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18, "CVE": 2 }, "indicator_count": 407, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "214 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "687f7d01085b8f8ad65f8544", "name": "Threat Intel Report - W27-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-08-21T11:04:34.944000", "created": "2025-07-22T11:58:57.903000", "tags": [ "mozi", "grouped", "week", "group", "iocs", "microsoft", "ingram micro", "compromise", "italy", "cvss", "grok", "mexico", "agent tesla", "amadey", "june", "malware", "telegram", "asyncrat", "april", "code", "police" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 76, "URL": 193, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 20, "domain": 64 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "241 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "686392e508db0be867f7399e", "name": "Threat Intel Report - W25-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-07-31T07:01:54.261000", "created": "2025-07-01T07:48:53.450000", "tags": [ "cobaltstrike", "microsoft", "week", "grouped", "iocs", "group", "compromise", "urls http", "dcrat", "cvss", "remcos", "asyncrat", "lazarus", "malware", "date", "coinminer", "sliver", "steam", "june", "friday", "godfather", "service", "telecom", "godfather android" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Godfather Android", "display_name": "Godfather Android", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Insurance" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 151, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "domain": 53, "hostname": 95 }, "indicator_count": 347, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "262 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6818a371cc417c23e582dcc5", "name": "Threat Intel Report - W18-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-06-04T11:00:42.004000", "created": "2025-05-05T11:39:29.491000", "tags": [ "mozi", "grouped", "week", "microsoft", "group", "iocs", "gmail", "compromise", "urls http", "cvss", "amadey", "asyncrat", "remcos", "malware", "date", "clearfake", "telegram", "april", "stealc", "flash", "august", "magento", "nullbulge" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "domain": 50, "URL": 196, "FileHash-MD5": 8, "FileHash-SHA1": 8, "FileHash-SHA256": 18 }, "indicator_count": 334, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "319 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "680f59605f2cdb05ecfe52b7", "name": "Threat Intel Report - W14-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:33:04.500000", "tags": [ "mozi", "wsgidav", "grouped", "week", "group", "iocs", "turkey", "compromise", "asyncrat", "urls http", "clearfake", "ukraine", "amadey", "remcos", "malware", "date", "indonesia", "uruguay", "telegram", "enterprise", "mark" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 85, "URL": 159, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "domain": 59 }, "indicator_count": 346, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "680f5a8e01022a089e7764fb", "name": "Threat Intel Report - W15-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:38:06.316000", "tags": [ "mozi", "grouped", "week", "group", "microsoft", "iocs", "clearfake", "compromise", "romania", "turkey", "stealc", "asyncrat", "amadey", "april", "malware", "date", "malicious", "mexico", "xworm", "telegram", "defender" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "URL": 170, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "hostname": 54 }, "indicator_count": 323, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "680f5ba83da287237eb298c9", "name": "Threat Intel Report - W16-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in a week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:42:48.579000", "tags": [ "mozi", "week", "clearfake", "iocs", "clickfix", "grouped", "compromise", "urls http", "cvss", "cvss base", "redline stealer", "remcos", "asyncrat", "malware", "date", "malicious", "telegram", "april", "android", "interlock" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Korea, Democratic People's Republic of", "Iran, Islamic Republic of", "Russian Federation" ], "malware_families": [ { "id": "Interlock", "display_name": "Interlock", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 168, "domain": 59, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 15, "CVE": 1 }, "indicator_count": 341, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "680f5c36f8f8d4e2b86696c0", "name": "Threat Intel Report - W17-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:45:10.012000", "tags": [ "mozi", "mozi link", "week", "microsoft", "iocs", "grouped", "compromise", "russia", "urls http", "cvss", "clearfake", "ukraine", "asyncrat", "remcos", "amadey", "dragonforce", "lazarus", "malware", "darktortilla", "stealc", "cobaltstrike", "telegram", "april", "february", "mtn", "wordpress" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "MTN", "targeted_countries": [ "Ukraine", "Korea, Republic of" ], "malware_families": [ { "id": "Wordpress", "display_name": "Wordpress", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [ "Telecommunications", "Cryptocurrency", "Telecom", "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 66, "URL": 162, "domain": 76, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 20 }, "indicator_count": 348, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ef8df5d1dfcf2ce2fce716", "name": "Threat Intel Report - W13-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:44:53.871000", "tags": [ "mozi", "mozi link", "china", "russia", "microsoft", "windows", "week", "germany", "iocs", "clearfake", "indonesia", "remcos", "asyncrat", "sharepoint", "malware", "date", "mexico", "panama", "amadey", "infostealer", "sparrowdoor", "clop" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Infostealer", "display_name": "Infostealer", "target": null }, { "id": "SparrowDoor", "display_name": "SparrowDoor", "target": null }, { "id": "Clop", "display_name": "Clop", "target": null } ], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" } ], "industries": [ "Cryptocurrency", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 264, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 18, "domain": 59, "hostname": 115 }, "indicator_count": 480, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "350 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ef8d571324a271de986299", "name": "Threat Intel Report - W12-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:42:15.839000", "tags": [ "mozi", "bangladesh", "singapore", "cobaltstrike", "united kingdom", "mozi link", "germany", "france", "china", "turkey", "pink", "indonesia", "clearfake", "ukraine", "panama", "remcos", "asyncrat", "agent tesla", "malware", "date", "snakekeylogger", "masslogger", "mexico", "ransomhub" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "RansomHub", "display_name": "RansomHub", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 207, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 19, "CVE": 1, "domain": 43, "hostname": 180 }, "indicator_count": 482, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "350 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ef8acdfe632a32bd164cbc", "name": "Threat Intel Report - W11-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:31:25.772000", "tags": [ "mozi", "germany", "india", "china", "grouped", "vietnam", "united kingdom", "singapore", "week", "group", "indonesia", "clearfake", "asyncrat", "stealc", "smartloader", "mexico", "remcos", "malware", "date", "belarus", "ukraine", "amadey", "lockbit", "linux", "superblack", "akira" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Linux", "display_name": "Linux", "target": null }, { "id": "SuperBlack", "display_name": "SuperBlack", "target": null }, { "id": "Akira", "display_name": "Akira", "target": null }, { "id": "LockBit", "display_name": "LockBit", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "FileHash-MD5": 51, "FileHash-SHA1": 51, "FileHash-SHA256": 117, "domain": 62, "hostname": 114 }, "indicator_count": 486, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "350 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ef8924699b118fe8775508", "name": "Threat Intel Report - W10-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:24:20.314000", "tags": [ "cisos", "mozi", "coinminer", "germany", "mozi link", "singapore", "brazil", "russia", "united kingdom", "grouped", "france", "dcrat", "sliver", "ukraine", "asyncrat", "agent tesla", "malware", "date", "clearfake", "indonesia", "mexico", "panama", "paraguay", "steam", "february", "service", "qilin", "akira" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qilin", "display_name": "Qilin", "target": null }, { "id": "Akira", "display_name": "Akira", "target": null } ], "attack_ids": [ { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" } ], "industries": [ "Cryptocurrency", "Telecom", "Telecommunication" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 16, "domain": 57, "hostname": 190 }, "indicator_count": 560, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "350 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67c6db8c356d3600c63bda5f", "name": "Threat Intel Report - W09-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:53:00.339000", "tags": [ "mozi", "singapore", "germany", "brazil", "france", "canada", "hong kong", "netherlands", "india", "week", "indonesia", "ukraine", "dcrat", "february", "lazarus", "asyncrat", "remcos", "malware", "date", "cobaltstrike", "clearfake", "panama", "mexico", "estonia", "steam", "close", "ransomware", "police", "android", "service", "friday", "pump", "grasscall", "vo1d" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Thailand", "Australia" ], "malware_families": [ { "id": "GrassCall", "display_name": "GrassCall", "target": null }, { "id": "Vo1d", "display_name": "Vo1d", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 265, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "CVE": 1, "domain": 50, "hostname": 132 }, "indicator_count": 496, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67c6da18dc4aee1789e6e055", "name": "Threat Intel Report - W08-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:46:48.069000", "tags": [ "mozi", "wsgidav", "mozi link", "week", "germany", "iocs", "compromise", "australia", "urls https", "microsoft", "asyncrat", "agent tesla", "remcos", "malware", "date", "indonesia", "mexico", "february" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 94, "URL": 121, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 15, "domain": 47 }, "indicator_count": 305, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67c6d94d3b0f65be3f6b60e1", "name": "Threat Intel Report - W07-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:43:25.849000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "south africa", "mozi lin", "germany", "greed mi", "greed mirai", "blacklist host", "indonesia", "asyncrat", "agent tesla", "police", "malware", "date", "jaff", "mylobot", "paraguay", "ukraine", "remcos", "february", "steam", "lumma", "finaldraft", "vidar", "ra world", "mirai" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Russian Federation", "China", "United States of America" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "FinalDraft", "display_name": "FinalDraft", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "RA World", "display_name": "RA World", "target": null }, { "id": "mirai", "display_name": "mirai", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Telecoms", "Cryptocurrency", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 189, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 18, "CVE": 1, "domain": 52, "hostname": 123 }, "indicator_count": 409, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "679b60be026390028046f224", "name": "Threat Intel Report - W04-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trend", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:21:34.012000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "germany", "singapore", "brazil", "blacklist host", "ip country", "latest spambot", "ukraine", "stealc", "indonesia", "asyncrat", "amadey", "malware", "paraguay", "xworm", "enterprise", "ransomware", "april", "android", "lumma", "change healthcare" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Change Healthcare", "display_name": "Change Healthcare", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "URL": 210, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 78 }, "indicator_count": 411, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "679b60138d4b0b4c394a6d8e", "name": "Threat Intel Report - W03-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trends", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:18:43.667000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "mozi link", "singapore", "vanuatu", "germany", "brazil", "dateadded", "indonesia", "ukraine", "dcrat", "asyncrat", "malware", "date", "mexico", "sality", "steam", "general", "lumma" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Government", "Diplomacy", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "hostname": 85, "URL": 202, "CVE": 1, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 13 }, "indicator_count": 405, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "679b5efa5d923a359b46f95b", "name": "Threat Intel Report - W02-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trends.", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:14:02.450000", "tags": [ "tech mahindra", "csrmirteam", "threat report", "cobaltstrike", "united kingdom", "brazil", "germany", "blacklist host", "ip country", "latest spambot", "coinminer", "cobalt strike", "indonesia", "ukraine", "agent tesla", "rats", "asyncrat", "proton", "malware", "date", "sliver", "privateloader", "cridex", "meduza stealer", "sagecrypt", "redlinestealer", "quasarrat", "xmrig", "calendar", "designer", "silk typhoon", "lumma" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Silk Typhoon", "targeted_countries": [ "United States of America", "Japan" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 43, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 61, "URL": 134, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 17, "CVE": 1, "hostname": 122 }, "indicator_count": 367, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "679b5dfdefa11d18f84b2acd", "name": "Threat Intel Report - W01-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-03-01T10:02:53.494000", "created": "2025-01-30T11:09:49.734000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "netherland", "mozi link", "blacklist host", "ip country", "latest spambot", "visit", "dcrat", "uruguay", "asyncrat", "space bears", "malware", "date", "xworm", "sality", "steam", "lumma", "hardhat" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Hardhat", "display_name": "Hardhat", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 74, "hostname": 83, "URL": 165, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14 }, "indicator_count": 364, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6774e8cbdfa56e26aa4b1c00", "name": "Threat Intel Report - W53-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T07:03:15.087000", "created": "2025-01-01T07:03:39.539000", "tags": [ "mozi", "brazil", "germany", "kazakstan", "singapore", "week", "russia", "iocs", "australia", "france", "ukraine", "indonesia", "stealc", "malware", "mexico", "cryptbot", "amadey", "date", "belarus", "uruguay", "apache", "lumma", "contagious interview", "mirai" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Contagious Interview", "display_name": "Contagious Interview", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 81, "URL": 230, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 15, "CVE": 1, "domain": 105 }, "indicator_count": 450, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "443 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6774e823196d078c848ed0e7", "name": "Threat Intel Report - W52-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T07:00:51.580000", "tags": [ "mozi", "germany", "united kingdom", "asyncrat link", "russia", "brazil", "quakbot", "singapore", "week", "asyncrat", "ukraine", "mexico", "indonesia", "emmenhtal", "amadey", "play ransomware", "malware", "date", "paraguay", "slovakia", "first", "cryptbot", "lumma stealer", "alliance", "june", "android", "powershell" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "hostname": 92, "URL": 223, "CVE": 1, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 16 }, "indicator_count": 426, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "443 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6774e7765d719c949d7d9be1", "name": "Threat Intel Report - W51-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:57:58.991000", "tags": [ "mozi", "mintsloader", "germany", "brazil", "india", "week", "russia", "australia", "cisa", "iocs", "indonesia", "stealc", "asyncrat", "amadey", "winnti", "facebook", "malware", "date", "redlinestealer", "mexico", "android", "gamaredon", "police", "ukraine", "turla", "april" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 76, "hostname": 79, "URL": 196, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 16 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "443 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6774e689893fa87d47d8b351", "name": "Threat Intel Report - W50-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:54:01.111000", "tags": [ "mozi", "mintsloader", "germany", "brazil", "india", "russia", "week", "australia", "united kingdom", "iocs", "indonesia", "stealc", "police", "asyncrat", "agent tesla", "april", "matrix", "malware", "date", "redlinestealer", "mexico", "august", "service", "turla", "exploit" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 100, "URL": 184, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 16, "domain": 47 }, "indicator_count": 373, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "443 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6774e534fe316d0fa0097cc1", "name": "Threat Intel Report - W49-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:48:20.173000", "tags": [ "mozi", "hong kong", "germany", "mozi link", "brazil", "bulgaria", "microsoft", "united kingdom", "week", "russia", "indonesia", "stealc", "asyncrat", "agent tesla", "malware", "date", "mexico", "ukraine", "panama" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 99, "URL": 208, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 21, "domain": 58 }, "indicator_count": 418, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "443 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb4c7e8dfacb55bce2db69", "name": "Threat Intel Report - W27-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T12:04:36.044000", "created": "2024-08-13T12:07:26.492000", "tags": [ "mozi", "mozi link", "week", "windows", "germany", "android", "spain", "brazil", "italy", "russia", "risepro", "remcos", "powershell", "panama", "ukraine", "agent tesla", "asyncrat", "hijackloader", "june", "p2pinfect" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [ "France", "Italy", "United States of America", "Canada", "Spain", "United Kingdom of Great Britain and Northern Ireland", "T\u00fcrkiye" ], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Hospitality" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 91, "URL": 150, "FileHash-MD5": 72, "FileHash-SHA1": 72, "FileHash-SHA256": 118, "domain": 7 }, "indicator_count": 510, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "584 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb43d21eaad50b74da3b82", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:26.108000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "584 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb4194cec2a519f5835e30", "name": "Threat Intel Report - W32-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools[.] \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week[.] \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools[.] \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends[.]", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:20:52.200000", "tags": [ "mozi", "russia", "week", "mozi link", "germany", "domains", "linux kernel", "cisa", "cvss", "cvss base", "asyncrat", "agent tesla", "remcos", "android", "vidar", "ukraine", "python", "rats", "service", "dark", "mandrake", "ransomware" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 46, "hostname": 94, "URL": 212, "FileHash-MD5": 47, "FileHash-SHA1": 47, "FileHash-SHA256": 118 }, "indicator_count": 564, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "584 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb43ce0b5a9b42a54a3498", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:22.195000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "584 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb43d21b05a860a29b73c0", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:26.211000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "584 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb44c55928675e15bc818d", "name": "Threat Intel Report - W30-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:34:29.979000", "tags": [ "mozi", "microsoft", "week", "windows", "panama", "germany", "russia", "lithuania", "romania", "urls http", "agent tesla", "asyncrat", "dcrat", "muddywater", "indonesia", "mexico", "remcos", "stealc", "steam", "lockbit", "february", "qilin" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "hostname": 82, "URL": 211, "FileHash-MD5": 69, "FileHash-SHA1": 68, "FileHash-SHA256": 117, "CVE": 1 }, "indicator_count": 618, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "584 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb499894eef0a43910b072", "name": "Threat Intel Report - W29-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:55:04.474000", "tags": [ "mozi", "microsoft", "windows", "russia", "week", "germany", "bulgaria", "united kingdom", "turkey", "brazil", "asyncrat", "powershell", "autoit", "coinminer", "recordbreaker", "redlinestealer", "indonesia", "agent tesla", "remcos", "august", "enterprise", "vipersoftx" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ViperSoftX", "display_name": "ViperSoftX", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 53, "URL": 138, "FileHash-MD5": 66, "FileHash-SHA1": 66, "FileHash-SHA256": 119, "hostname": 118 }, "indicator_count": 560, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "584 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb4aefd227300a92540a40", "name": "Threat Intel Report - W28-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T12:00:47.170000", "tags": [ "mozi", "brazil", "week", "spain", "russia", "france", "bulgaria", "japan", "united kingdom", "urls http", "agent tesla", "remcos", "ukraine", "cuba", "asyncrat", "june", "april", "union" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" } ], "industries": [ "Cryptocurrency", "Health", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 95, "FileHash-MD5": 46, "FileHash-SHA1": 46, "FileHash-SHA256": 113, "domain": 35, "hostname": 121 }, "indicator_count": 456, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "584 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6662e53539f591feafafe7ff", "name": "Threat Intel Report - W21-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-07-07T10:01:50.774000", "created": "2024-06-07T10:47:17.864000", "tags": [ "microsoft", "windows", "week", "android", "risepro", "cisa", "cvss", "cvss base", "april", "google", "remcos", "protect", "winscp", "grandoreiro", "sliver", "rtkit", "tiger", "qakbot" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 87, "URL": 191, "FileHash-MD5": 56, "FileHash-SHA1": 56, "FileHash-SHA256": 119, "domain": 30 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "651 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "635ffda049d729e6576602d7", "name": "Threat Intel Report - W45-2022", "description": "", "modified": "2022-11-30T16:05:43.873000", "created": "2022-10-31T16:53:52.854000", "tags": [], "references": [], "public": 1, "adversary": "Threat Intel Report - W45-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 106, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 13, "CVE": 1, "domain": 31, "hostname": 68 }, "indicator_count": 241, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "1236 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63297db32a2503f61667c7f8", "name": "Threat Intel Advisory Report - W39-2022", "description": "", "modified": "2022-10-20T08:50:24.724000", "created": "2022-09-20T08:45:39.380000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "URL": 99, "FileHash-MD5": 9, "FileHash-SHA1": 10, "FileHash-SHA256": 13, "CVE": 1, "domain": 37 }, "indicator_count": 223, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "1277 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "631f0dc5f4226dc9c29e1e79", "name": "Threat Intel Report - W38-2022", "description": "", "modified": "2022-10-12T00:05:41.896000", "created": "2022-09-12T10:45:25.886000", "tags": [], "references": [], "public": 1, "adversary": "IOC- W38-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 93, "CVE": 2, "FileHash-MD5": 10, "FileHash-SHA1": 9, "FileHash-SHA256": 12, "domain": 7, "hostname": 37 }, "indicator_count": 170, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1285 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6317137bd474b32c0162c595", "name": "Threat Intel Report - W37-2022", "description": "", "modified": "2022-10-06T00:00:46.407000", "created": "2022-09-06T09:31:39.761000", "tags": [], "references": [ "TechM-Threat Intel Report - W37-2022.pdf" ], "public": 1, "adversary": "Threat Intel Report - W37-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 59, "hostname": 58, "URL": 71, "FileHash-MD5": 8, "FileHash-SHA1": 9, "FileHash-SHA256": 14, "CVE": 1 }, "indicator_count": 220, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1291 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bf189fbc2ec9c379bba1e8", "name": "TM Threat Intel Feed W25-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:54:07.928000", "tags": [], "references": [ "TM Threat Intel Feed - W25-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 22, "hostname": 51, "URL": 109, "CVE": 1, "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 9 }, "indicator_count": 202, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1358 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bf193c856de5275ad3c997", "name": "TM Threat Intel Feed W27-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:56:44.035000", "tags": [], "references": [ "TechM-Threat Intel Report - W27-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 24, "hostname": 24, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 9, "URL": 104 }, "indicator_count": 175, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1358 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bf18f3e5de11ad0b0b39db", "name": "TM Threat Intel Feed W26-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:55:31.039000", "tags": [], "references": [ "TechM-Threat Intel Report - W26-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 20, "URL": 107, "hostname": 24, "CVE": 1, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 8 }, "indicator_count": 174, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1358 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "TechM-Threat Intel Report - W26-2022.pdf", "TM Threat Intel Feed - W25-2022.pdf", "TechM-Threat Intel Report - W27-2022.pdf", "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/", "TechM-Threat Intel Report - W37-2022.pdf", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Threat", "Lazarus", "Silk Typhoon", "MTN", "Threat Intel Report - W37-2022", "IOC- W38-2022", "Threat Intel Report - W45-2022" ], "malware_families": [ "Vipersoftx", "Change healthcare", "Akira", "Sparrowdoor", "Grasscall", "Vidar", "Ninja browser", "Superblack", "Mirai", "Finaldraft", "Qilin", "Ra world", "Lockbit", "Godfather android", "Shinyhunters", "Threat", "Linux", "Contagious interview", "Lumma", "Hardhat", "Clop", "Wordpress", "Vo1d", "Infostealer", "Interlock", "Ransomhub", "Tesla" ], "industries": [ "Telecommunication", "Diplomacy", "Finance", "Insurance", "Telecommunications", "Cryptocurrency", "Government", "Telecom", "Defense", "Hospitality", "Telecoms", "Healthcare", "Health" ], "unique_indicators": 19485 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/secondwrite.com", "whois": "http://whois.domaintools.com/secondwrite.com", "domain": "secondwrite.com", "hostname": "www.secondwrite.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 42, "pulses": [ { "id": "69b95273abb52a5ec0fd0754", "name": "Threat Intel Report - W07-2026", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2026-04-16T13:37:13.951000", "created": "2026-03-17T13:09:07.099000", "tags": [ "mozi", "clearfake", "remcosrat", "microsoft", "week", "windows", "italy", "bangladesh", "iocs", "cobaltstrike", "dcrat", "february", "coinminer", "smoke loader", "agent tesla", "lumma stealer", "malware", "date", "quasarrat", "vidar", "telegram", "steam", "restart", "bitcoin", "shinyhunters", "python", "soar", "threat", "tesla", "ninja browser", "lumma" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "Threat", "targeted_countries": [ "Canada" ], "malware_families": [ { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "ShinyHunters", "display_name": "ShinyHunters", "target": null }, { "id": "Ninja Browser", "display_name": "Ninja Browser", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 457, "FileHash-MD5": 40, "FileHash-SHA1": 41, "FileHash-SHA256": 58, "CVE": 4, "domain": 26, "hostname": 81 }, "indicator_count": 707, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68c7ca350c27d4818d54bf62", "name": "Threat Intel Report - W34-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-10-15T09:53:41.327000", "created": "2025-09-15T08:11:33.621000", "tags": [ "mozi", "microsoft", "grouped", "windows", "week", "group", "coinminer", "iocs", "august", "compromise", "agent tesla", "malware", "sliver", "amadey", "tycoon", "quasar", "service", "lumma", "tesla", "qilin" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "India", "Russian Federation" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [ "Cryptocurrency", "Government", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 52, "URL": 264, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 60 }, "indicator_count": 419, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "186 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68a2ee2d7d72510c53fe83f4", "name": "Threat Intel Report - W32-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-09-17T09:03:35.910000", "created": "2025-08-18T09:11:09.011000", "tags": [ "mozi", "microsoft", "week", "google", "iocs", "sonicwall", "grouped", "compromise", "cvss", "cvss base", "android", "agent tesla", "asyncrat", "remcos", "ruby", "august", "malware", "date", "telegram", "ransomhub", "malicious" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 66, "hostname": 78, "URL": 207, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18, "CVE": 2 }, "indicator_count": 407, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "214 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "687f7d01085b8f8ad65f8544", "name": "Threat Intel Report - W27-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-08-21T11:04:34.944000", "created": "2025-07-22T11:58:57.903000", "tags": [ "mozi", "grouped", "week", "group", "iocs", "microsoft", "ingram micro", "compromise", "italy", "cvss", "grok", "mexico", "agent tesla", "amadey", "june", "malware", "telegram", "asyncrat", "april", "code", "police" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 76, "URL": 193, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 20, "domain": 64 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "241 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "686392e508db0be867f7399e", "name": "Threat Intel Report - W25-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-07-31T07:01:54.261000", "created": "2025-07-01T07:48:53.450000", "tags": [ "cobaltstrike", "microsoft", "week", "grouped", "iocs", "group", "compromise", "urls http", "dcrat", "cvss", "remcos", "asyncrat", "lazarus", "malware", "date", "coinminer", "sliver", "steam", "june", "friday", "godfather", "service", "telecom", "godfather android" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Godfather Android", "display_name": "Godfather Android", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Insurance" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 151, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "domain": 53, "hostname": 95 }, "indicator_count": 347, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "262 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6818a371cc417c23e582dcc5", "name": "Threat Intel Report - W18-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-06-04T11:00:42.004000", "created": "2025-05-05T11:39:29.491000", "tags": [ "mozi", "grouped", "week", "microsoft", "group", "iocs", "gmail", "compromise", "urls http", "cvss", "amadey", "asyncrat", "remcos", "malware", "date", "clearfake", "telegram", "april", "stealc", "flash", "august", "magento", "nullbulge" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "domain": 50, "URL": 196, "FileHash-MD5": 8, "FileHash-SHA1": 8, "FileHash-SHA256": 18 }, "indicator_count": 334, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "319 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "680f59605f2cdb05ecfe52b7", "name": "Threat Intel Report - W14-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:33:04.500000", "tags": [ "mozi", "wsgidav", "grouped", "week", "group", "iocs", "turkey", "compromise", "asyncrat", "urls http", "clearfake", "ukraine", "amadey", "remcos", "malware", "date", "indonesia", "uruguay", "telegram", "enterprise", "mark" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 85, "URL": 159, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "domain": 59 }, "indicator_count": 346, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "680f5a8e01022a089e7764fb", "name": "Threat Intel Report - W15-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:38:06.316000", "tags": [ "mozi", "grouped", "week", "group", "microsoft", "iocs", "clearfake", "compromise", "romania", "turkey", "stealc", "asyncrat", "amadey", "april", "malware", "date", "malicious", "mexico", "xworm", "telegram", "defender" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "URL": 170, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "hostname": 54 }, "indicator_count": 323, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "680f5ba83da287237eb298c9", "name": "Threat Intel Report - W16-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in a week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:42:48.579000", "tags": [ "mozi", "week", "clearfake", "iocs", "clickfix", "grouped", "compromise", "urls http", "cvss", "cvss base", "redline stealer", "remcos", "asyncrat", "malware", "date", "malicious", "telegram", "april", "android", "interlock" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Korea, Democratic People's Republic of", "Iran, Islamic Republic of", "Russian Federation" ], "malware_families": [ { "id": "Interlock", "display_name": "Interlock", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 168, "domain": 59, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 15, "CVE": 1 }, "indicator_count": 341, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "680f5c36f8f8d4e2b86696c0", "name": "Threat Intel Report - W17-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:45:10.012000", "tags": [ "mozi", "mozi link", "week", "microsoft", "iocs", "grouped", "compromise", "russia", "urls http", "cvss", "clearfake", "ukraine", "asyncrat", "remcos", "amadey", "dragonforce", "lazarus", "malware", "darktortilla", "stealc", "cobaltstrike", "telegram", "april", "february", "mtn", "wordpress" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "MTN", "targeted_countries": [ "Ukraine", "Korea, Republic of" ], "malware_families": [ { "id": "Wordpress", "display_name": "Wordpress", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [ "Telecommunications", "Cryptocurrency", "Telecom", "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 66, "URL": 162, "domain": 76, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 20 }, "indicator_count": 348, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.secondwrite.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.secondwrite.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776641406.9524405 }