{ "type": "Domain", "indicator": "initialize-configs.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/initialize-configs.com", "alexa": "http://www.alexa.com/siteinfo/initialize-configs.com", "indicator": "initialize-configs.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4272703219, "indicator": "initialize-configs.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "69bd1b418caac13e8a1373e9", "name": "Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls", "description": "Amazon threat intelligence has uncovered an ongoing Interlock ransomware campaign that exploits a critical vulnerability, CVE-2026-20131, in Cisco's Secure Firewall Management Center Software. Disclosed publicly by Cisco on March 4, 2026, this vulnerability allows unauthenticated remote attackers to execute arbitrary Java code with root privileges. Notably, Interlock began exploiting this zero-day vulnerability on January 26, 2026, 36 days prior to its public announcement, facilitating their ability to compromise organizations unnoticed.", "modified": "2026-04-19T09:39:09.842000", "created": "2026-03-20T10:02:41.314000", "tags": [ "ransomeware", "threat intelligence", "interlock", "amazon threat", "cisco", "cisco secure", "cve202620131", "center", "java code", "january", "http", "http put", "powershell", "desktop", "rats", "win64" ], "references": [ "https://aws.amazon.com/ru/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Interlock", "display_name": "Interlock", "target": null } ], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1053.003", "name": "Cron", "display_name": "T1053.003 - Cron" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" } ], "industries": [ "Education", "Construction", "Manufacturing", "Industrial", "Healthcare", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1, "FileHash-SHA256": 2, "URL": 1, "domain": 12, "hostname": 1 }, "indicator_count": 21, "is_author": false, "is_subscribing": null, "subscriber_count": 546, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://aws.amazon.com/ru/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Interlock" ], "industries": [ "Healthcare", "Industrial", "Manufacturing", "Government", "Construction", "Education" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "69bd1b418caac13e8a1373e9", "name": "Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls", "description": "Amazon threat intelligence has uncovered an ongoing Interlock ransomware campaign that exploits a critical vulnerability, CVE-2026-20131, in Cisco's Secure Firewall Management Center Software. Disclosed publicly by Cisco on March 4, 2026, this vulnerability allows unauthenticated remote attackers to execute arbitrary Java code with root privileges. Notably, Interlock began exploiting this zero-day vulnerability on January 26, 2026, 36 days prior to its public announcement, facilitating their ability to compromise organizations unnoticed.", "modified": "2026-04-19T09:39:09.842000", "created": "2026-03-20T10:02:41.314000", "tags": [ "ransomeware", "threat intelligence", "interlock", "amazon threat", "cisco", "cisco secure", "cve202620131", "center", "java code", "january", "http", "http put", "powershell", "desktop", "rats", "win64" ], "references": [ "https://aws.amazon.com/ru/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Interlock", "display_name": "Interlock", "target": null } ], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1053.003", "name": "Cron", "display_name": "T1053.003 - Cron" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" } ], "industries": [ "Education", "Construction", "Manufacturing", "Industrial", "Healthcare", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1, "FileHash-SHA256": 2, "URL": 1, "domain": 12, "hostname": 1 }, "indicator_count": 21, "is_author": false, "is_subscribing": null, "subscriber_count": 546, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "initialize-configs.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "initialize-configs.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780421124.337242 }