{ "type": "Domain", "indicator": "mssync.one", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/mssync.one", "alexa": "http://www.alexa.com/siteinfo/mssync.one", "indicator": "mssync.one", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3551390225, "indicator": "mssync.one", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 21, "pulses": [ { "id": "632323f7b974ea595174c847", "name": "Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA", "description": "Iranian government-sponsored APT actors are exploiting known Fortinet and Microsoft Exchange vulnerabilities to gain initial access to a broad range of targeted entities in furtherance of malicious activities, including ransom operations. The authoring agencies now judge these actors are an APT group affiliated with the IRGC.", "modified": "2022-10-15T12:01:33.826000", "created": "2022-09-15T13:09:10.174000", "tags": [ "ProxyShell", "Log4j", "Ransomware", "Winrar", "Credentials", "Bitlocker" ], "references": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-257a" ], "public": 1, "adversary": "IRGC", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Critical Infrastructure" ], "TLP": "white", "cloned_from": null, "export_count": 540, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "CVE": 14, "FileHash-MD5": 14, "FileHash-SHA1": 11, "FileHash-SHA256": 11, "domain": 11, "email": 2 }, "indicator_count": 63, "is_author": false, "is_subscribing": null, "subscriber_count": 386726, "modified_text": "1325 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686510765c13a0e97e20cb9c", "name": "Iranian APT actor-APT35 pt3", "description": "", "modified": "2025-08-01T10:03:06.225000", "created": "2025-07-02T10:56:54.075000", "tags": [], "references": [ "APT35 pt3.pdf" ], "public": 1, "adversary": "APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 124, "FileHash-SHA1": 103, "FileHash-SHA256": 106, "CVE": 6, "domain": 337, "email": 4, "hostname": 229 }, "indicator_count": 909, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "304 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68897aac34d205d5cfc55c74", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-07-30\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-07-30T01:51:40.989000", "created": "2025-07-30T01:51:40.989000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "306 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6851f4070f95e4f44c09efcf", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-17T23:02:30.349000", "created": "2025-06-17T23:02:30.349000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 56, "modified_text": "348 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683df46be3b5f1ff932aa84a", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-02\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-02T18:58:51.287000", "created": "2025-06-02T18:58:51.287000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "363 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681d16a9fdb8ff7bfe8db459", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-05-08\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-05-08T20:40:09.409000", "created": "2025-05-08T20:40:09.409000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "388 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680190c45c13710c439a3db0", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-17T23:37:40.060000", "created": "2025-04-17T23:37:40.060000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "409 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ff13e09a7b60d18a996220", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-16\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Techniques\n* T1497\n* T1114.002\n* T1114\n* T1001\n* T1094\n* ... y 204 m\u00e1s\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-16T02:20:16.466000", "created": "2025-04-16T02:20:16.466000", "tags": [ "threat_actor", "unknown", "T1497", "T1114.002", "T1114", "T1001", "T1094", "T1566.001", "T1068", "T1087.003", "T1111", "T1059.003", "T1053.002", "T1053.006", "TA0037", "T1014", "T1598.003", "T1602.002", "T1444", "T1081", "TA0004", "T1598.001", "T1598", "T1053.001", "T1574", "T1017", "T1602", "TA0002", "T1202", "T1194", "TA0005", "TA0011", "T1059.006", "T1031", "T1059", "T1055.004", "T1192", "T1574.006", "T1566.002", "T1156", "T1055.008", "T1056.003", "T1560", "T1053.007", "T1583.002", "T1055.001", "T1082", "T1027", "T1608.005", "T1071.001", "T1566", "T1038", "T1589", "T1041", "T1534", "T1105", "TA0009", "T1204.001", "T1155", "T1049", "T1001.003", "T1445", "T1056.001", "T1071.004", "T1608.001", "T1055.002", "T1210", "T1056", "T1450", "TA0006", "T1193", "T1055", "TA0043", "T1493", "TA0003", "TA0007", "T1491", "T1036", "T1036.004", "T1503", "T1114.001", "T1449", "T1566.003", "T1053", "T1110.002", "T1053.003", "T1459", "T1001.001", "T1598.002", "T1140", "T1059.007", "T1496", "TA0001", "T1088", "T1113", "T1071.003", "T1012", "T1046", "T1114.003", "T1129", "T1125", "T1071", "T1583.005_102", "106_T1056", "T1036.002", "T1112", "T1018", "T1021.002", "T1036.005", "T1547", "T1057", "T1008", "T1518", "T1170", "T1021", "T1011", "T1060", "T1539", "T1418", "T1614.001", "T1087.002", "T1021.001", "T1040", "T1020", "T1213", "T1069", "T1587", "T1533", "T1003.003", "T1003.004", "T1560.001", "T1548.002", "T1087", "T1069.002", "T1095", "T1426", "T1102", "T1201", "T1222", "T1070", "T1074", "T1033", "T1130", "T1569", "T1078.002", "T1552", "T1106", "T1190", "T1007", "T1495", "T1133", "T1090", "T1547.001", "T1588.002", "T1016", "T1422", "T1137", "T1588", "T1119", "T1437", "T1124", "T1569.002", "T1134", "T1005", "T1005.001", "T1003.002", "T1903", "T1059.001", "T1853", "T1115", "T1543.003", "T1430", "T1087.001", "T1587.001", "T1562.001", "T1543", "T1489", "T1078", "T1614", "T1509", "T1078.004", "T1083", "T1592.004", "T1558.001", "T1558", "T1530", "T1213.002", "T1047", "T1085", "T1003", "T1003.001", "T1120", "T1217", "T1074.001", "T1010", "T1218", "T1048", "T1553", "T1490", "T1497.003", "T1055.003", "T1571", "T11955", "T1204.002", "T1199", "T1204.", "T1595.002", "T1102.002", "T1583.003", "T1027.009", "T1027.013", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "411 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733b72d522398f5ea0a12d", "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar", "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:31:46.858000", "tags": [ "cve201711882", "cve20201472" ], "references": [], "public": 1, "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2631, "FileHash-SHA1": 2168, "FileHash-SHA256": 3401, "CVE": 25, "domain": 977, "hostname": 1226 }, "indicator_count": 10428, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "677337a16d3d2b051137f251", "name": "Mirage", "description": "Mirage es un grupo de ciberespionaje vinculado al Ej\u00e9rcito Popular de Liberaci\u00f3n de China, centrado en la recopilaci\u00f3n de inteligencia en sectores como aeroespacial y defensa. Utilizan malware personalizado, spear-phishing y ataques a sitios web para infiltrar organizaciones.", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:15:29.657000", "tags": [], "references": [], "public": 1, "adversary": "Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 399, "FileHash-SHA1": 367, "FileHash-SHA256": 379, "CVE": 6, "domain": 41, "hostname": 48 }, "indicator_count": 1240, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64b8f4d80b0e4b622175ebd5", "name": "Novatech Threat Feed", "description": "Large collection of Threats compiled for STIX integrations.", "modified": "2023-08-19T08:04:35.475000", "created": "2023-07-20T08:48:24.069000", "tags": [ "ipv4", "port scan", "indicator", "alienvault", "open threat", "sha1", "misp threat", "actor list", "identify", "frp tool", "volt typhoon", "pla unit", "group", "china", "united", "guard corps", "vulnerabilities", "data extortion", "disk encryption", "sha256", "cisa", "apt group", "fortinet", "mobile", "android", "url request", "exchange", "detection", "techniques", "cactus", "march", "fortinet vpn", "employs unique", "proxyshell", "log4j", "sonicwall", "proxylogon", "unit", "report", "cloud", "attack threats", "teamtnt", "december", "apache log4j2", "docker remote", "threats", "cve202329180", "psirt", "botnet list", "filter", "malware filter", "domains", "data", "list", "emerges", "malware", "horizon", "research", "cril", "trigona", "strain", "beeware", "vice society", "tale", "victim data", "exfiltration", "powershell", "ransomware", "lockbit team", "latest double", "extortion group", "cleaning", "bablock", "rorschach", "otx pulsenamean", "ransom", "delphi", "attacking", "how real", "lockbit", "macho", "macho binaries", "cofense", "latest ato", "ccsg asnas14061", "digitaloceanasn", "spread malware", "qbot banking", "trojan campaign", "emails", "qbot malware", "april", "germany", "argentina", "qakbot", "pinkslipbot", "cobalt strike", "ransomware gang", "continues", "golandbuildpe", "uses revamped", "fin8 uses", "backdoor", "generic trojan", "stopransomware", "otx pulsename", "us department", "health", "social security", "hive ransomware", "uac0050", "remcos program", "court", "kyiv", "team", "ukraine certua", "malicious java", "archive", "access", "polygot", "icedid malware", "cybereason", "iso file", "lnk file", "windows", "ttps", "conti", "fivehands", "a variant", "ciau2019s hive", "attack kit", "hive trapelato", "leads", "threat alert", "million", "ransom payments", "u2013 active", "iocs", "rewterz", "u2013 hive", "november", "rewterz threat", "hive project", "october", "elf file", "virustotal", "xdr33", "trojan", "cia hive", "new backdoor", "urlhaus feed", "9rxd8gdj8", "pvbl1pdbmxc", "ttehg47bmx", "ohr0kszrhp4", "sigremoteadmin1", "analysis" ], "references": [ "https://otx.alienvault.com/otxapi/pulses/64b85cf7e569e75ec395696c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0Yjg1Y2Y3ZTU2OWU3NWVjMzk1Njk2YyIsImNzdiJdLCJleHAiOjE2ODk5MjU0NDh9.OQ8AtbbcrzENc2m6bwyPQyJyZJsu3aSlNXCBwGVJaB8&format=csv", "https://otx.alienvault.com/pulse/6488e17e5b38aad62e392783", "https://otx.alienvault.com/pulse/647df94cade6a91f2f7185a3", "https://otx.alienvault.com/pulse/6459446e51e8c709f5b9ba99", "https://otx.alienvault.com/pulse/6328a57ec461f46ac6a1b985", "https://otx.alienvault.com/otxapi/pulses/647df94c950882207d03c2d0/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0N2RmOTRjOTUwODgyMjA3ZDAzYzJkMCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MDUyfQ.22bH0CciQD9VMzwcoravKfpF-WAGR8T8l15vvJq8NV8&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6328a57ec461f46ac6a1b985/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzMjhhNTdlYzQ2MWY0NmFjNmExYjk4NSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MDgwfQ.PFo9rSoIPJVSkJXFWURYey8A3OUbssVOchWJh5Xi9rs&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/622603f902b921bbbc9ab78d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyMjYwM2Y5MDJiOTIxYmJiYzlhYjc4ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTE3fQ.jClDCc0MliUwhQ4Qib7O_Ej23bsHGzLq34A8LXbz5oo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6459446e51e8c709f5b9ba99/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0NTk0NDZlNTFlOGM3MDlmNWI5YmE5OSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTQxfQ.vi3ZVOWL32HzqZRMWBPucDea4U2PD6yJb2QaPm5lF-Q&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/62ea7df481ecb7b1966c3e36/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyZWE3ZGY0ODFlY2I3YjE5NjZjM2UzNiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTYzfQ.Iz1Lf2XXaTV5zhSciszsbV8eKJ09dZP0JNmehv_NYKk&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6213b203dd1fae0e1c1e389c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyMTNiMjAzZGQxZmFlMGUxYzFlMzg5YyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTg1fQ.jpPxQJgrUDUcn4s37djLT1ZKYnYMG6665oYVOByOtDw&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6488e17e5b38aad62e392783/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0ODhlMTdlNWIzOGFhZDYyZTM5Mjc4MyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MjUzfQ.1ddMjIWc5iLhP4qRG6Qhwsrs3VTccJsa5EwRqAcJ1dA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/647df94cade6a91f2f7185a3/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0N2RmOTRjYWRlNmE5MWYyZjcxODVhMyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Mjg3fQ.KIAbBzSeZtxo7rQDXpoIjfJeShg40CHYp3FG8o6trXs&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b47f8cb603db3b79111a89/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjQ3ZjhjYjYwM2RiM2I3OTExMWE4OSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MzYwfQ.FJBYg1af8-c2CYfMgeQWhm6BnwDmgh7D3DTqFq1IxL8&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b4716072dffa38b11bfbe7/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjQ3MTYwNzJkZmZhMzhiMTFiZmJlNyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Mzg2fQ.-2WL3r9weJIzGJYlTpxpcJcZzofdjM7i1KqiAvBHv5Y&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b08b009734df5ccdd377bf/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjA4YjAwOTczNGRmNWNjZGQzNzdiZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDIwfQ.loAonIXFIlmaqxCC9JrjuCH1_TcH0WibuxX3Uuw-GdU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64af399779cd57baa6c4fb86/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YWYzOTk3NzljZDU3YmFhNmM0ZmI4NiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDUxfQ.lriZjad__q4yyoq-TTC5-uyTG1HMBq_BShMUGMNAC4g&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64af3998874ce6c230ed5ecc/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YWYzOTk4ODc0Y2U2YzIzMGVkNWVjYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDc1fQ.Lbbp_5-W4511P7u_DpeHFhiIOsy7tlkeFpwfwOYPpHU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643fd0625328e35cba6d1ace/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2ZkMDYyNTMyOGUzNWNiYTZkMWFjZSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NTYwfQ.2beuCr1juM0OQOLiB-nrQ9KnxcYHSbteP7y32_OP3uc&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/641833c2832a4f8000f27bff/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MTgzM2MyODMyYTRmODAwMGYyN2JmZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NTgzfQ.xAudwTXToFHBZsFnJdvjMQk7ueXknfVmRC7UDhfr7oA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643fa5ba6617a24a9707caa5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2ZhNWJhNjYxN2EyNGE5NzA3Y2FhNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjAzfQ.8NKdByhhAmkb9nkhcCbMb7mCHcTw6KXCkZxi-IiJe5E&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f91edc588fc6182a7d858/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y5MWVkYzU4OGZjNjE4MmE3ZDg1OCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjE5fQ.pP9qOy6Wo16dtb9Xyj_yO8ReYPqCxtOL_MmeyCpCNiU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f82f6780c857fbc5cedb5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y4MmY2NzgwYzg1N2ZiYzVjZWRiNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjM3fQ.b1x8REWcbq9Pgxhm07Wvu-cIpfOpY9bDXxl_W5NQrew&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f75ba5b3359ae372680cc/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y3NWJhNWIzMzU5YWUzNzI2ODBjYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjYwfQ.14nUOtdbXzyO5vRnpF7eUu4njUu6wM1ZTHzC4AsVfFo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f32323d4ac74efe3aaed0/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2YzMjMyM2Q0YWM3NGVmZTNhYWVkMCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjgxfQ.Em8XwPxhfRU_RbO351sxAr5M4BZ6G9NuhW65O7awTWA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f00f554c143f52de70b31/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2YwMGY1NTRjMTQzZjUyZGU3MGIzMSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Njk4fQ.wF3OTclDkjSHoom04hQZ6-kB0EYYXbBndq_BuN2LxOo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643efc7b9ca40532638571c5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2VmYzdiOWNhNDA1MzI2Mzg1NzFjNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NzE3fQ.gsrZIxJmAAkLVl2h3aMH19_85H5Kg1TizGgEWmbyiKQ&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643eed3d1e43451363281e34/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2VlZDNkMWU0MzQ1MTM2MzI4MWUzNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NzMzfQ.q0pJ-yGRU91EHs3hcJmcJmIsk2RCUPyr2R65CDn9CEg&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643e826d163d0b99c2baef29/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2U4MjZkMTYzZDBiOTljMmJhZWYyOSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Nzk1fQ.zfhL6lmvXFMKpp98aYxBQkNvyalVIKPPdWGKwp7SE_I&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643e6a3809de0b0f0e941324/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2U2YTM4MDlkZTBiMGYwZTk0MTMyNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODEzfQ.GieEGNHACyjNO0MRljBk93lKkK_SSK-7BmlZXlP2lSE&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643dd431ac3efe5772594c14/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2RkNDMxYWMzZWZlNTc3MjU5NGMxNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODQwfQ.OEtL3L0HbnOOfbPWOMQ26vnLLLfvucXkwGVWjNIQmMc&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/641aa00df54830afc3822cf2/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MWFhMDBkZjU0ODMwYWZjMzgyMmNmMiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODU2fQ.Alh1Fii54_w0N99C1_7i65TUqGblYkXQSk_woQv-_78&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b7f2b8e354c04b1970767d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjdmMmI4ZTM1NGMwNGIxOTcwNzY3ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2OTEwfQ.0FZXcYWY6NSTrBIP0gl_WMBj4MGQ_555t2kksOHucrE&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/642c283b29591e0a4d05b9bd/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MmMyODNiMjk1OTFlMGE0ZDA1YjliZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzIzfQ.-kYlLQ7W3qFIr_cCbA6Gym_mXjV_G82No3ACGhFWFTw&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64013e084d98371cc5167de7/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MDEzZTA4NGQ5ODM3MWNjNTE2N2RlNyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzQ0fQ.UQYAjjr43A7ZUx6vSAof23t_nM4GQ-_qv6Lt5PueQ2A&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63fc6cccc04b8e8499879997/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzZmM2Y2NjYzA0YjhlODQ5OTg3OTk5NyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzY5fQ.fan0q03Zi1faAAwqQllsPpNIzCALGEDEomDxbLvAZA4&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63f66d82c59d14ba6b3c2a58/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzZjY2ZDgyYzU5ZDE0YmE2YjNjMmE1OCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4Nzg3fQ.xOGqjT6aiMpy343EJe5utReKUQsEMdFfnyIUPQVu5PA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63c4fbc18cda5175bfc6e697/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYzRmYmMxOGNkYTUxNzViZmM2ZTY5NyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODA1fQ.rtw-w-uwG6kv4wduA26bNZDkoLf7hk0u4XLW4muWum0&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63c081f53c4bb49948f3dc06/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYzA4MWY1M2M0YmI0OTk0OGYzZGMwNiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODIzfQ.khmvBnSFuRPZ9T_a1ZFx6HTbXxW7Y-68esiE-X0ejiY&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63be6fdae2bff6bb6aba065d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmU2ZmRhZTJiZmY2YmI2YWJhMDY1ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODQyfQ.D_R9Snhua2rk-gEHDHIi7GXle5HVZqsQFAPmFNKL4bQ&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63bf16069eec5ba72ea48dc5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmYxNjA2OWVlYzViYTcyZWE0OGRjNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODU4fQ.NPxHZDgPCkaNJ5iKKnO9aaYnvSfQPfJxTVlvHBasGIA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/638e0a49ef2cca67cbee1d02/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzOGUwYTQ5ZWYyY2NhNjdjYmVlMWQwMiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODgyfQ.YVtGHKdsypTAOaoDiDrhWJ6XQtgZwOg1mbsWfiB9xmU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63bbe3905bb7e1f36be696cf/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmJlMzkwNWJiN2UxZjM2YmU2OTZjZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTM3fQ.LTMAppyGvbMoSg4ERmXu8DtMEUO5SX7IzSZT_li001w&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/638650c73af5f40f7ba6977f/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzODY1MGM3M2FmNWY0MGY3YmE2OTc3ZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTY0fQ.A3hLcrLRX8BL0P29Jbitl0H2mgefEUEXUX0WaCJnkwg&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/637fb0c63c7b1029e6fbdd1c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzN2ZiMGM2M2M3YjEwMjllNmZiZGQxYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTg2fQ.3lc4PO31SoiF0XPigwv0VkJYIJIGs52PubNN3KHLQKE&format=stix2.1" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 163208, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NovatechThreatFeed", "id": "245623", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 34, "FileHash-MD5": 223, "FileHash-SHA1": 226, "FileHash-SHA256": 235, "email": 5, "URL": 8707, "domain": 3482, "hostname": 774 }, "indicator_count": 13686, "is_author": false, "is_subscribing": null, "subscriber_count": 22, "modified_text": "1017 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64b8f4e0b7008cc32a008d4f", "name": "Novatech Threat Feed", "description": "Large collection of Threats compiled for STIX integrations.", "modified": "2023-08-19T08:04:35.475000", "created": "2023-07-20T08:48:32.024000", "tags": [ "ipv4", "port scan", "indicator", "alienvault", "open threat", "sha1", "misp threat", "actor list", "identify", "frp tool", "volt typhoon", "pla unit", "group", "china", "united", "guard corps", "vulnerabilities", "data extortion", "disk encryption", "sha256", "cisa", "apt group", "fortinet", "mobile", "android", "url request", "exchange", "detection", "techniques", "cactus", "march", "fortinet vpn", "employs unique", "proxyshell", "log4j", "sonicwall", "proxylogon", "unit", "report", "cloud", "attack threats", "teamtnt", "december", "apache log4j2", "docker remote", "threats", "cve202329180", "psirt", "botnet list", "filter", "malware filter", "domains", "data", "list", "emerges", "malware", "horizon", "research", "cril", "trigona", "strain", "beeware", "vice society", "tale", "victim data", "exfiltration", "powershell", "ransomware", "lockbit team", "latest double", "extortion group", "cleaning", "bablock", "rorschach", "otx pulsenamean", "ransom", "delphi", "attacking", "how real", "lockbit", "macho", "macho binaries", "cofense", "latest ato", "ccsg asnas14061", "digitaloceanasn", "spread malware", "qbot banking", "trojan campaign", "emails", "qbot malware", "april", "germany", "argentina", "qakbot", "pinkslipbot", "cobalt strike", "ransomware gang", "continues", "golandbuildpe", "uses revamped", "fin8 uses", "backdoor", "generic trojan", "stopransomware", "otx pulsename", "us department", "health", "social security", "hive ransomware", "uac0050", "remcos program", "court", "kyiv", "team", "ukraine certua", "malicious java", "archive", "access", "polygot", "icedid malware", "cybereason", "iso file", "lnk file", "windows", "ttps", "conti", "fivehands", "a variant", "ciau2019s hive", "attack kit", "hive trapelato", "leads", "threat alert", "million", "ransom payments", "u2013 active", "iocs", "rewterz", "u2013 hive", "november", "rewterz threat", "hive project", "october", "elf file", "virustotal", "xdr33", "trojan", "cia hive", "new backdoor", "urlhaus feed", "9rxd8gdj8", "pvbl1pdbmxc", "ttehg47bmx", "ohr0kszrhp4", "sigremoteadmin1", "analysis" ], "references": [ "https://otx.alienvault.com/otxapi/pulses/64b85cf7e569e75ec395696c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0Yjg1Y2Y3ZTU2OWU3NWVjMzk1Njk2YyIsImNzdiJdLCJleHAiOjE2ODk5MjU0NDh9.OQ8AtbbcrzENc2m6bwyPQyJyZJsu3aSlNXCBwGVJaB8&format=csv", "https://otx.alienvault.com/pulse/6488e17e5b38aad62e392783", "https://otx.alienvault.com/pulse/647df94cade6a91f2f7185a3", "https://otx.alienvault.com/pulse/6459446e51e8c709f5b9ba99", "https://otx.alienvault.com/pulse/6328a57ec461f46ac6a1b985", "https://otx.alienvault.com/otxapi/pulses/647df94c950882207d03c2d0/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0N2RmOTRjOTUwODgyMjA3ZDAzYzJkMCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MDUyfQ.22bH0CciQD9VMzwcoravKfpF-WAGR8T8l15vvJq8NV8&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6328a57ec461f46ac6a1b985/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzMjhhNTdlYzQ2MWY0NmFjNmExYjk4NSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MDgwfQ.PFo9rSoIPJVSkJXFWURYey8A3OUbssVOchWJh5Xi9rs&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/622603f902b921bbbc9ab78d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyMjYwM2Y5MDJiOTIxYmJiYzlhYjc4ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTE3fQ.jClDCc0MliUwhQ4Qib7O_Ej23bsHGzLq34A8LXbz5oo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6459446e51e8c709f5b9ba99/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0NTk0NDZlNTFlOGM3MDlmNWI5YmE5OSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTQxfQ.vi3ZVOWL32HzqZRMWBPucDea4U2PD6yJb2QaPm5lF-Q&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/62ea7df481ecb7b1966c3e36/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyZWE3ZGY0ODFlY2I3YjE5NjZjM2UzNiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTYzfQ.Iz1Lf2XXaTV5zhSciszsbV8eKJ09dZP0JNmehv_NYKk&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6213b203dd1fae0e1c1e389c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyMTNiMjAzZGQxZmFlMGUxYzFlMzg5YyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTg1fQ.jpPxQJgrUDUcn4s37djLT1ZKYnYMG6665oYVOByOtDw&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6488e17e5b38aad62e392783/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0ODhlMTdlNWIzOGFhZDYyZTM5Mjc4MyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MjUzfQ.1ddMjIWc5iLhP4qRG6Qhwsrs3VTccJsa5EwRqAcJ1dA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/647df94cade6a91f2f7185a3/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0N2RmOTRjYWRlNmE5MWYyZjcxODVhMyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Mjg3fQ.KIAbBzSeZtxo7rQDXpoIjfJeShg40CHYp3FG8o6trXs&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b47f8cb603db3b79111a89/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjQ3ZjhjYjYwM2RiM2I3OTExMWE4OSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MzYwfQ.FJBYg1af8-c2CYfMgeQWhm6BnwDmgh7D3DTqFq1IxL8&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b4716072dffa38b11bfbe7/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjQ3MTYwNzJkZmZhMzhiMTFiZmJlNyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Mzg2fQ.-2WL3r9weJIzGJYlTpxpcJcZzofdjM7i1KqiAvBHv5Y&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b08b009734df5ccdd377bf/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjA4YjAwOTczNGRmNWNjZGQzNzdiZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDIwfQ.loAonIXFIlmaqxCC9JrjuCH1_TcH0WibuxX3Uuw-GdU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64af399779cd57baa6c4fb86/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YWYzOTk3NzljZDU3YmFhNmM0ZmI4NiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDUxfQ.lriZjad__q4yyoq-TTC5-uyTG1HMBq_BShMUGMNAC4g&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64af3998874ce6c230ed5ecc/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YWYzOTk4ODc0Y2U2YzIzMGVkNWVjYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDc1fQ.Lbbp_5-W4511P7u_DpeHFhiIOsy7tlkeFpwfwOYPpHU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643fd0625328e35cba6d1ace/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2ZkMDYyNTMyOGUzNWNiYTZkMWFjZSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NTYwfQ.2beuCr1juM0OQOLiB-nrQ9KnxcYHSbteP7y32_OP3uc&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/641833c2832a4f8000f27bff/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MTgzM2MyODMyYTRmODAwMGYyN2JmZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NTgzfQ.xAudwTXToFHBZsFnJdvjMQk7ueXknfVmRC7UDhfr7oA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643fa5ba6617a24a9707caa5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2ZhNWJhNjYxN2EyNGE5NzA3Y2FhNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjAzfQ.8NKdByhhAmkb9nkhcCbMb7mCHcTw6KXCkZxi-IiJe5E&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f91edc588fc6182a7d858/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y5MWVkYzU4OGZjNjE4MmE3ZDg1OCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjE5fQ.pP9qOy6Wo16dtb9Xyj_yO8ReYPqCxtOL_MmeyCpCNiU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f82f6780c857fbc5cedb5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y4MmY2NzgwYzg1N2ZiYzVjZWRiNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjM3fQ.b1x8REWcbq9Pgxhm07Wvu-cIpfOpY9bDXxl_W5NQrew&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f75ba5b3359ae372680cc/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y3NWJhNWIzMzU5YWUzNzI2ODBjYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjYwfQ.14nUOtdbXzyO5vRnpF7eUu4njUu6wM1ZTHzC4AsVfFo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f32323d4ac74efe3aaed0/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2YzMjMyM2Q0YWM3NGVmZTNhYWVkMCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjgxfQ.Em8XwPxhfRU_RbO351sxAr5M4BZ6G9NuhW65O7awTWA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f00f554c143f52de70b31/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2YwMGY1NTRjMTQzZjUyZGU3MGIzMSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Njk4fQ.wF3OTclDkjSHoom04hQZ6-kB0EYYXbBndq_BuN2LxOo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643efc7b9ca40532638571c5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2VmYzdiOWNhNDA1MzI2Mzg1NzFjNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NzE3fQ.gsrZIxJmAAkLVl2h3aMH19_85H5Kg1TizGgEWmbyiKQ&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643eed3d1e43451363281e34/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2VlZDNkMWU0MzQ1MTM2MzI4MWUzNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NzMzfQ.q0pJ-yGRU91EHs3hcJmcJmIsk2RCUPyr2R65CDn9CEg&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643e826d163d0b99c2baef29/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2U4MjZkMTYzZDBiOTljMmJhZWYyOSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Nzk1fQ.zfhL6lmvXFMKpp98aYxBQkNvyalVIKPPdWGKwp7SE_I&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643e6a3809de0b0f0e941324/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2U2YTM4MDlkZTBiMGYwZTk0MTMyNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODEzfQ.GieEGNHACyjNO0MRljBk93lKkK_SSK-7BmlZXlP2lSE&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643dd431ac3efe5772594c14/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2RkNDMxYWMzZWZlNTc3MjU5NGMxNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODQwfQ.OEtL3L0HbnOOfbPWOMQ26vnLLLfvucXkwGVWjNIQmMc&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/641aa00df54830afc3822cf2/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MWFhMDBkZjU0ODMwYWZjMzgyMmNmMiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODU2fQ.Alh1Fii54_w0N99C1_7i65TUqGblYkXQSk_woQv-_78&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b7f2b8e354c04b1970767d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjdmMmI4ZTM1NGMwNGIxOTcwNzY3ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2OTEwfQ.0FZXcYWY6NSTrBIP0gl_WMBj4MGQ_555t2kksOHucrE&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/642c283b29591e0a4d05b9bd/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MmMyODNiMjk1OTFlMGE0ZDA1YjliZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzIzfQ.-kYlLQ7W3qFIr_cCbA6Gym_mXjV_G82No3ACGhFWFTw&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64013e084d98371cc5167de7/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MDEzZTA4NGQ5ODM3MWNjNTE2N2RlNyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzQ0fQ.UQYAjjr43A7ZUx6vSAof23t_nM4GQ-_qv6Lt5PueQ2A&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63fc6cccc04b8e8499879997/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzZmM2Y2NjYzA0YjhlODQ5OTg3OTk5NyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzY5fQ.fan0q03Zi1faAAwqQllsPpNIzCALGEDEomDxbLvAZA4&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63f66d82c59d14ba6b3c2a58/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzZjY2ZDgyYzU5ZDE0YmE2YjNjMmE1OCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4Nzg3fQ.xOGqjT6aiMpy343EJe5utReKUQsEMdFfnyIUPQVu5PA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63c4fbc18cda5175bfc6e697/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYzRmYmMxOGNkYTUxNzViZmM2ZTY5NyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODA1fQ.rtw-w-uwG6kv4wduA26bNZDkoLf7hk0u4XLW4muWum0&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63c081f53c4bb49948f3dc06/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYzA4MWY1M2M0YmI0OTk0OGYzZGMwNiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODIzfQ.khmvBnSFuRPZ9T_a1ZFx6HTbXxW7Y-68esiE-X0ejiY&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63be6fdae2bff6bb6aba065d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmU2ZmRhZTJiZmY2YmI2YWJhMDY1ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODQyfQ.D_R9Snhua2rk-gEHDHIi7GXle5HVZqsQFAPmFNKL4bQ&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63bf16069eec5ba72ea48dc5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmYxNjA2OWVlYzViYTcyZWE0OGRjNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODU4fQ.NPxHZDgPCkaNJ5iKKnO9aaYnvSfQPfJxTVlvHBasGIA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/638e0a49ef2cca67cbee1d02/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzOGUwYTQ5ZWYyY2NhNjdjYmVlMWQwMiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODgyfQ.YVtGHKdsypTAOaoDiDrhWJ6XQtgZwOg1mbsWfiB9xmU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63bbe3905bb7e1f36be696cf/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmJlMzkwNWJiN2UxZjM2YmU2OTZjZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTM3fQ.LTMAppyGvbMoSg4ERmXu8DtMEUO5SX7IzSZT_li001w&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/638650c73af5f40f7ba6977f/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzODY1MGM3M2FmNWY0MGY3YmE2OTc3ZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTY0fQ.A3hLcrLRX8BL0P29Jbitl0H2mgefEUEXUX0WaCJnkwg&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/637fb0c63c7b1029e6fbdd1c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzN2ZiMGM2M2M3YjEwMjllNmZiZGQxYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTg2fQ.3lc4PO31SoiF0XPigwv0VkJYIJIGs52PubNN3KHLQKE&format=stix2.1" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NovatechThreatFeed", "id": "245623", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 34, "FileHash-MD5": 223, "FileHash-SHA1": 226, "FileHash-SHA256": 235, "email": 5, "URL": 8707, "domain": 3482, "hostname": 774 }, "indicator_count": 13686, "is_author": false, "is_subscribing": null, "subscriber_count": 22, "modified_text": "1017 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "633c689a6e806dad4ca1a418", "name": "VTA - Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations", "description": "The IRGC-affiliated actors have used their access for ransom operations, including disk encryption and extortion efforts. After gaining access to a network, the IRGC-affiliated actors likely determine a course of action based on their perceived value of the data. Depending on the perceived value, the actors may encrypt data for ransom and/or exfiltrate data. The actors may sell the data or use the exfiltrated data in extortion operations or \u201cdouble extortion\u201d ransom operations where a threat actor uses a combination of encryption and data theft to pressure targeted entities to pay ransom demands.", "modified": "2022-11-03T17:04:30.875000", "created": "2022-10-04T17:08:42.015000", "tags": [ "uscert", "csirt", "cert", "cybersecurity", "cyber security", "computer security", "u. s. computer emergency readiness", "cyber risks", "csa iranian", "cyber actors", "exchange", "furtherance", "cve202134473", "iocs", "cve202131207", "cve202144228", "cve202145046", "proxyshell", "february", "ransom", "plink", "persistence", "service", "lsass", "impact", "winrar" ], "references": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-257a" ], "public": 1, "adversary": "", "targeted_countries": [ "Iran, Islamic Republic of", "New Zealand", "Canada", "Australia", "United Kingdom of Great Britain and Northern Ireland", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Government", "Critical Infrastructure" ], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "FileHash-MD5": 16, "FileHash-SHA1": 14, "FileHash-SHA256": 13, "URL": 1, "domain": 11, "email": 3 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 213, "modified_text": "1306 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "633c6894b934a17dba8aec26", "name": "VTA - Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations", "description": "The IRGC-affiliated actors have used their access for ransom operations, including disk encryption and extortion efforts. After gaining access to a network, the IRGC-affiliated actors likely determine a course of action based on their perceived value of the data. Depending on the perceived value, the actors may encrypt data for ransom and/or exfiltrate data. The actors may sell the data or use the exfiltrated data in extortion operations or \u201cdouble extortion\u201d ransom operations where a threat actor uses a combination of encryption and data theft to pressure targeted entities to pay ransom demands.", "modified": "2022-11-03T17:04:30.875000", "created": "2022-10-04T17:08:36.472000", "tags": [ "uscert", "csirt", "cert", "cybersecurity", "cyber security", "computer security", "u. s. computer emergency readiness", "cyber risks", "csa iranian", "cyber actors", "exchange", "furtherance", "cve202134473", "iocs", "cve202131207", "cve202144228", "cve202145046", "proxyshell", "february", "ransom", "plink", "persistence", "service", "lsass", "impact", "winrar" ], "references": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-257a" ], "public": 1, "adversary": "", "targeted_countries": [ "Iran, Islamic Republic of", "New Zealand", "Canada", "Australia", "United Kingdom of Great Britain and Northern Ireland", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Government", "Critical Infrastructure" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "FileHash-MD5": 16, "FileHash-SHA1": 14, "FileHash-SHA256": 13, "URL": 1, "domain": 11, "email": 3 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 213, "modified_text": "1306 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6328a57ec461f46ac6a1b985", "name": "Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations", "description": "The FBI, CISA, UK and FBI have issued a joint cybersecurity advisory to highlight malicious cyber activity by an Iranian government-sponsored APT group that exploit vulnerabilities in Microsoft Exchange and Fortinet.", "modified": "2022-10-19T17:24:09.607000", "created": "2022-09-19T17:23:10.088000", "tags": [ "uscert", "csirt", "cert", "cybersecurity", "cyber security", "computer security", "u. s. computer emergency readiness", "cyber risks", "cisa", "fortinet", "access", "acsc", "iocs", "activity", "march", "cve201813379", "cve202012812", "cve20195591", "winrar", "exploit", "june", "mimikatz", "impact", "csa iranian", "cyber actors", "exchange", "furtherance", "cve202134473", "cve202131207", "cve202144228", "cve202145046", "proxyshell", "february", "ransom", "plink", "persistence", "service", "lsass" ], "references": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-257a", "https://www.cisa.gov/uscert/ncas/alerts/aa21-321a", "https://www.cisa.gov/uscert/ncas/current-activity/2022/09/14/iranian-islamic-revolutionary-guard-corps-affiliated-cyber-actors" ], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland", "New Zealand", "Canada", "Australia", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "VertekLabs", "id": "168455", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168455/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 7, "CVE": 14, "FileHash-MD5": 25, "FileHash-SHA1": 21, "FileHash-SHA256": 22, "URL": 1, "domain": 11 }, "indicator_count": 101, "is_author": false, "is_subscribing": null, "subscriber_count": 564, "modified_text": "1321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63275bb2f70e9749a4ffea16", "name": "Opsec Mistakes Reveal COBALT MIRAGE Threat Actors | Secureworks", "description": "Get started with the help of a company that provides a range of solutions for security problems, as well as a host of other services, on-the-spot and off- the field, in a bid to attract new customers.", "modified": "2022-10-18T17:02:40.649000", "created": "2022-09-18T17:56:02.209000", "tags": [ "hi.pdf", "cobalt mirage", "secureworks", "secnerd", "afkar system", "irgcio", "ip address", "response", "figure", "labdookhtegan", "irgc", "june", "podcast", "ransomware", "twitter", "close", "back", "april", "android", "august", "mirage" ], "references": [ "https://www.secureworks.com/blog/opsec-mistakes-reveal-cobalt-mirage-threat-actors" ], "public": 1, "adversary": "", "targeted_countries": [ "Iran, Islamic Republic of", "United States of America" ], "malware_families": [ { "id": "Hi.pdf", "display_name": "Hi.pdf", "target": null } ], "attack_ids": [ { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AL-SOC@ascendlearning.com", "id": "77219", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "domain": 4 }, "indicator_count": 10, "is_author": false, "is_subscribing": null, "subscriber_count": 36, "modified_text": "1322 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63250cdaf15a673531dfee11", "name": "Iran-backed APT Actors Utilize CVEs to Carry Out Cyber Attacks on Critical Infrastructure", "description": "", "modified": "2022-10-16T23:03:59.279000", "created": "2022-09-16T23:55:06.867000", "tags": [ "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105", "Log4j", "T1588.001", "T1190", "T1486", "OSINT" ], "references": [ "https://community.riskiq.com/article/6d9ea368" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 13, "domain": 11 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "1323 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6324720fb38e5d3d757ca2f4", "name": "Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA", "description": "The FBI, US National Security Agency, Australian, Canadian and UK governments have issued a joint Cybersecurity Advisory (AA22-257A) to highlight Iranian government-sponsored cyber actors exploiting vulnerabilities.", "modified": "2022-10-16T12:38:01.134000", "created": "2022-09-16T12:54:39.976000", "tags": [ "actor/lazarusgroup" ], "references": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-257a" ], "public": 1, "adversary": "Lazarus Group", "targeted_countries": [ "New Zealand", "Canada", "Australia", "United Kingdom of Great Britain and Northern Ireland", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Critical Infrastructure" ], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "eric.ford", "id": "42510", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "FileHash-MD5": 16, "FileHash-SHA1": 14, "FileHash-SHA256": 13, "URL": 1, "domain": 11, "email": 3 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 134, "modified_text": "1324 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63235ade775d92e77bf0e72b", "name": "INDICATORS OF COMPROMISE", "description": "Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations", "modified": "2022-10-15T16:05:14.437000", "created": "2022-09-15T17:03:26.568000", "tags": [], "references": [], "public": 1, "adversary": "Iranian Islamic Revolutionary Guard Corps-Affiliated", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "TA0001", "name": "Initial Access", "display_name": "TA0001 - Initial Access" }, { "id": "TA0002", "name": "Execution", "display_name": "TA0002 - Execution" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0010", "name": "Exfiltration", "display_name": "TA0010 - Exfiltration" }, { "id": "TA0040", "name": "Impact", "display_name": "TA0040 - Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "prafulla", "id": "207818", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 11 }, "indicator_count": 11, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "1325 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6322d260fce700b422bc8ded", "name": "Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA", "description": "", "modified": "2022-10-15T07:09:41.435000", "created": "2022-09-15T07:21:04.783000", "tags": [ "uscert", "csirt", "cert", "cybersecurity", "cyber security", "computer security", "u. s. computer emergency readiness", "cyber risks", "csa iranian", "cyber actors", "exchange", "furtherance", "cve202134473", "iocs", "cve202131207", "cve202144228", "cve202145046", "proxyshell", "february", "ransom", "plink", "persistence", "service", "lsass", "impact", "winrar" ], "references": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-257a" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 4, "CVE": 14, "FileHash-MD5": 16, "FileHash-SHA1": 14, "FileHash-SHA256": 13, "URL": 1, "domain": 11 }, "indicator_count": 73, "is_author": false, "is_subscribing": null, "subscriber_count": 865, "modified_text": "1325 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63222d1f5ef6a49c5d8baaed", "name": "Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations", "description": "This is the full text of an official Cybersecurity Advisory (CSA) issued by the United States, Canada, Australia and the UK on 14 September, 2022, and is subject to copyright.", "modified": "2022-10-14T19:08:16.692000", "created": "2022-09-14T19:35:59.188000", "tags": [ "Log4j", "IRGC", "CISA" ], "references": [ "https://media.defense.gov/2022/Sep/14/2003076379/-1/-1/0/CSA_IRGC.PDF" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Australia", "United Kingdom of Great Britain and Northern Ireland", "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Critical Infrastructure" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "_Cyberfish", "id": "206993", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 14, "FileHash-MD5": 17, "FileHash-SHA1": 14, "FileHash-SHA256": 13, "URL": 1, "domain": 11, "email": 2 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "1325 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://otx.alienvault.com/otxapi/pulses/63bf16069eec5ba72ea48dc5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmYxNjA2OWVlYzViYTcyZWE0OGRjNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODU4fQ.NPxHZDgPCkaNJ5iKKnO9aaYnvSfQPfJxTVlvHBasGIA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b4716072dffa38b11bfbe7/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjQ3MTYwNzJkZmZhMzhiMTFiZmJlNyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Mzg2fQ.-2WL3r9weJIzGJYlTpxpcJcZzofdjM7i1KqiAvBHv5Y&format=stix2.1", "APT35 pt3.pdf", "https://otx.alienvault.com/otxapi/pulses/641aa00df54830afc3822cf2/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MWFhMDBkZjU0ODMwYWZjMzgyMmNmMiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODU2fQ.Alh1Fii54_w0N99C1_7i65TUqGblYkXQSk_woQv-_78&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64013e084d98371cc5167de7/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MDEzZTA4NGQ5ODM3MWNjNTE2N2RlNyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzQ0fQ.UQYAjjr43A7ZUx6vSAof23t_nM4GQ-_qv6Lt5PueQ2A&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64af3998874ce6c230ed5ecc/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YWYzOTk4ODc0Y2U2YzIzMGVkNWVjYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDc1fQ.Lbbp_5-W4511P7u_DpeHFhiIOsy7tlkeFpwfwOYPpHU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/647df94c950882207d03c2d0/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0N2RmOTRjOTUwODgyMjA3ZDAzYzJkMCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MDUyfQ.22bH0CciQD9VMzwcoravKfpF-WAGR8T8l15vvJq8NV8&format=stix2.1", "https://otx.alienvault.com/pulse/647df94cade6a91f2f7185a3", "https://otx.alienvault.com/otxapi/pulses/64af399779cd57baa6c4fb86/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YWYzOTk3NzljZDU3YmFhNmM0ZmI4NiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDUxfQ.lriZjad__q4yyoq-TTC5-uyTG1HMBq_BShMUGMNAC4g&format=stix2.1", "https://otx.alienvault.com/pulse/6488e17e5b38aad62e392783", "https://otx.alienvault.com/pulse/6328a57ec461f46ac6a1b985", "https://otx.alienvault.com/otxapi/pulses/63bbe3905bb7e1f36be696cf/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmJlMzkwNWJiN2UxZjM2YmU2OTZjZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTM3fQ.LTMAppyGvbMoSg4ERmXu8DtMEUO5SX7IzSZT_li001w&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63c4fbc18cda5175bfc6e697/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYzRmYmMxOGNkYTUxNzViZmM2ZTY5NyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODA1fQ.rtw-w-uwG6kv4wduA26bNZDkoLf7hk0u4XLW4muWum0&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/637fb0c63c7b1029e6fbdd1c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzN2ZiMGM2M2M3YjEwMjllNmZiZGQxYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTg2fQ.3lc4PO31SoiF0XPigwv0VkJYIJIGs52PubNN3KHLQKE&format=stix2.1", "https://www.secureworks.com/blog/opsec-mistakes-reveal-cobalt-mirage-threat-actors", "https://otx.alienvault.com/otxapi/pulses/647df94cade6a91f2f7185a3/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0N2RmOTRjYWRlNmE5MWYyZjcxODVhMyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Mjg3fQ.KIAbBzSeZtxo7rQDXpoIjfJeShg40CHYp3FG8o6trXs&format=stix2.1", "https://www.cisa.gov/uscert/ncas/current-activity/2022/09/14/iranian-islamic-revolutionary-guard-corps-affiliated-cyber-actors", "https://otx.alienvault.com/otxapi/pulses/63be6fdae2bff6bb6aba065d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYmU2ZmRhZTJiZmY2YmI2YWJhMDY1ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODQyfQ.D_R9Snhua2rk-gEHDHIi7GXle5HVZqsQFAPmFNKL4bQ&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643efc7b9ca40532638571c5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2VmYzdiOWNhNDA1MzI2Mzg1NzFjNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NzE3fQ.gsrZIxJmAAkLVl2h3aMH19_85H5Kg1TizGgEWmbyiKQ&format=stix2.1", "https://otx.alienvault.com/pulse/6459446e51e8c709f5b9ba99", "https://otx.alienvault.com/otxapi/pulses/641833c2832a4f8000f27bff/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MTgzM2MyODMyYTRmODAwMGYyN2JmZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NTgzfQ.xAudwTXToFHBZsFnJdvjMQk7ueXknfVmRC7UDhfr7oA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b7f2b8e354c04b1970767d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjdmMmI4ZTM1NGMwNGIxOTcwNzY3ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2OTEwfQ.0FZXcYWY6NSTrBIP0gl_WMBj4MGQ_555t2kksOHucrE&format=stix2.1", "https://www.cisa.gov/uscert/ncas/alerts/aa21-321a", "https://otx.alienvault.com/otxapi/pulses/642c283b29591e0a4d05b9bd/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0MmMyODNiMjk1OTFlMGE0ZDA1YjliZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzIzfQ.-kYlLQ7W3qFIr_cCbA6Gym_mXjV_G82No3ACGhFWFTw&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63fc6cccc04b8e8499879997/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzZmM2Y2NjYzA0YjhlODQ5OTg3OTk5NyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4NzY5fQ.fan0q03Zi1faAAwqQllsPpNIzCALGEDEomDxbLvAZA4&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643e826d163d0b99c2baef29/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2U4MjZkMTYzZDBiOTljMmJhZWYyOSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Nzk1fQ.zfhL6lmvXFMKpp98aYxBQkNvyalVIKPPdWGKwp7SE_I&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643fa5ba6617a24a9707caa5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2ZhNWJhNjYxN2EyNGE5NzA3Y2FhNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjAzfQ.8NKdByhhAmkb9nkhcCbMb7mCHcTw6KXCkZxi-IiJe5E&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/638e0a49ef2cca67cbee1d02/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzOGUwYTQ5ZWYyY2NhNjdjYmVlMWQwMiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODgyfQ.YVtGHKdsypTAOaoDiDrhWJ6XQtgZwOg1mbsWfiB9xmU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f32323d4ac74efe3aaed0/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2YzMjMyM2Q0YWM3NGVmZTNhYWVkMCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjgxfQ.Em8XwPxhfRU_RbO351sxAr5M4BZ6G9NuhW65O7awTWA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f82f6780c857fbc5cedb5/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y4MmY2NzgwYzg1N2ZiYzVjZWRiNSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjM3fQ.b1x8REWcbq9Pgxhm07Wvu-cIpfOpY9bDXxl_W5NQrew&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/638650c73af5f40f7ba6977f/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzODY1MGM3M2FmNWY0MGY3YmE2OTc3ZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4OTY0fQ.A3hLcrLRX8BL0P29Jbitl0H2mgefEUEXUX0WaCJnkwg&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63c081f53c4bb49948f3dc06/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzYzA4MWY1M2M0YmI0OTk0OGYzZGMwNiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4ODIzfQ.khmvBnSFuRPZ9T_a1ZFx6HTbXxW7Y-68esiE-X0ejiY&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6328a57ec461f46ac6a1b985/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzMjhhNTdlYzQ2MWY0NmFjNmExYjk4NSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MDgwfQ.PFo9rSoIPJVSkJXFWURYey8A3OUbssVOchWJh5Xi9rs&format=stix2.1", "https://media.defense.gov/2022/Sep/14/2003076379/-1/-1/0/CSA_IRGC.PDF", "https://otx.alienvault.com/otxapi/pulses/643f91edc588fc6182a7d858/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y5MWVkYzU4OGZjNjE4MmE3ZDg1OCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjE5fQ.pP9qOy6Wo16dtb9Xyj_yO8ReYPqCxtOL_MmeyCpCNiU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/63f66d82c59d14ba6b3c2a58/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYzZjY2ZDgyYzU5ZDE0YmE2YjNjMmE1OCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI4Nzg3fQ.xOGqjT6aiMpy343EJe5utReKUQsEMdFfnyIUPQVu5PA&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b85cf7e569e75ec395696c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0Yjg1Y2Y3ZTU2OWU3NWVjMzk1Njk2YyIsImNzdiJdLCJleHAiOjE2ODk5MjU0NDh9.OQ8AtbbcrzENc2m6bwyPQyJyZJsu3aSlNXCBwGVJaB8&format=csv", "https://otx.alienvault.com/otxapi/pulses/6488e17e5b38aad62e392783/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0ODhlMTdlNWIzOGFhZDYyZTM5Mjc4MyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MjUzfQ.1ddMjIWc5iLhP4qRG6Qhwsrs3VTccJsa5EwRqAcJ1dA&format=stix2.1", "https://community.riskiq.com/article/6d9ea368", "https://otx.alienvault.com/otxapi/pulses/6459446e51e8c709f5b9ba99/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0NTk0NDZlNTFlOGM3MDlmNWI5YmE5OSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTQxfQ.vi3ZVOWL32HzqZRMWBPucDea4U2PD6yJb2QaPm5lF-Q&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/622603f902b921bbbc9ab78d/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyMjYwM2Y5MDJiOTIxYmJiYzlhYjc4ZCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTE3fQ.jClDCc0MliUwhQ4Qib7O_Ej23bsHGzLq34A8LXbz5oo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643fd0625328e35cba6d1ace/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2ZkMDYyNTMyOGUzNWNiYTZkMWFjZSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NTYwfQ.2beuCr1juM0OQOLiB-nrQ9KnxcYHSbteP7y32_OP3uc&format=stix2.1", "https://www.cisa.gov/uscert/ncas/alerts/aa22-257a", "https://otx.alienvault.com/otxapi/pulses/62ea7df481ecb7b1966c3e36/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyZWE3ZGY0ODFlY2I3YjE5NjZjM2UzNiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTYzfQ.Iz1Lf2XXaTV5zhSciszsbV8eKJ09dZP0JNmehv_NYKk&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/6213b203dd1fae0e1c1e389c/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjYyMTNiMjAzZGQxZmFlMGUxYzFlMzg5YyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MTg1fQ.jpPxQJgrUDUcn4s37djLT1ZKYnYMG6665oYVOByOtDw&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f75ba5b3359ae372680cc/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2Y3NWJhNWIzMzU5YWUzNzI2ODBjYyIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NjYwfQ.14nUOtdbXzyO5vRnpF7eUu4njUu6wM1ZTHzC4AsVfFo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643dd431ac3efe5772594c14/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2RkNDMxYWMzZWZlNTc3MjU5NGMxNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODQwfQ.OEtL3L0HbnOOfbPWOMQ26vnLLLfvucXkwGVWjNIQmMc&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643eed3d1e43451363281e34/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2VlZDNkMWU0MzQ1MTM2MzI4MWUzNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NzMzfQ.q0pJ-yGRU91EHs3hcJmcJmIsk2RCUPyr2R65CDn9CEg&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b47f8cb603db3b79111a89/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjQ3ZjhjYjYwM2RiM2I3OTExMWE4OSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2MzYwfQ.FJBYg1af8-c2CYfMgeQWhm6BnwDmgh7D3DTqFq1IxL8&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643f00f554c143f52de70b31/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2YwMGY1NTRjMTQzZjUyZGU3MGIzMSIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2Njk4fQ.wF3OTclDkjSHoom04hQZ6-kB0EYYXbBndq_BuN2LxOo&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/64b08b009734df5ccdd377bf/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0YjA4YjAwOTczNGRmNWNjZGQzNzdiZiIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2NDIwfQ.loAonIXFIlmaqxCC9JrjuCH1_TcH0WibuxX3Uuw-GdU&format=stix2.1", "https://otx.alienvault.com/otxapi/pulses/643e6a3809de0b0f0e941324/export/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Ik5vdmF0ZWNoVGhyZWF0RmVlZCIsInZhbHVlIjpbIjY0M2U2YTM4MDlkZTBiMGYwZTk0MTMyNCIsInN0aXgyLjEiXSwiZXhwIjoxNjg5OTI2ODEzfQ.GieEGNHACyjNO0MRljBk93lKkK_SSK-7BmlZXlP2lSE&format=stix2.1" ], "related": { "alienvault": { "adversary": [ "IRGC" ], "malware_families": [], "industries": [ "Critical infrastructure" ] }, "other": { "adversary": [ "Lazarus Group", "Iranian Islamic Revolutionary Guard Corps-Affiliated", "El Machete, TAG-100, Mirage, Unamed_Grooup", "APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage", "Mirage" ], "malware_families": [ "Hi.pdf" ], "industries": [ "Government", "Critical infrastructure" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 21, "pulses": [ { "id": "632323f7b974ea595174c847", "name": "Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA", "description": "Iranian government-sponsored APT actors are exploiting known Fortinet and Microsoft Exchange vulnerabilities to gain initial access to a broad range of targeted entities in furtherance of malicious activities, including ransom operations. The authoring agencies now judge these actors are an APT group affiliated with the IRGC.", "modified": "2022-10-15T12:01:33.826000", "created": "2022-09-15T13:09:10.174000", "tags": [ "ProxyShell", "Log4j", "Ransomware", "Winrar", "Credentials", "Bitlocker" ], "references": [ "https://www.cisa.gov/uscert/ncas/alerts/aa22-257a" ], "public": 1, "adversary": "IRGC", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" } ], "industries": [ "Critical Infrastructure" ], "TLP": "white", "cloned_from": null, "export_count": 540, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "CVE": 14, "FileHash-MD5": 14, "FileHash-SHA1": 11, "FileHash-SHA256": 11, "domain": 11, "email": 2 }, "indicator_count": 63, "is_author": false, "is_subscribing": null, "subscriber_count": 386726, "modified_text": "1325 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686510765c13a0e97e20cb9c", "name": "Iranian APT actor-APT35 pt3", "description": "", "modified": "2025-08-01T10:03:06.225000", "created": "2025-07-02T10:56:54.075000", "tags": [], "references": [ "APT35 pt3.pdf" ], "public": 1, "adversary": "APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 124, "FileHash-SHA1": 103, "FileHash-SHA256": 106, "CVE": 6, "domain": 337, "email": 4, "hostname": 229 }, "indicator_count": 909, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "304 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68897aac34d205d5cfc55c74", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-07-30\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-07-30T01:51:40.989000", "created": "2025-07-30T01:51:40.989000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "306 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6851f4070f95e4f44c09efcf", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-17T23:02:30.349000", "created": "2025-06-17T23:02:30.349000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 56, "modified_text": "348 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683df46be3b5f1ff932aa84a", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-02\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-02T18:58:51.287000", "created": "2025-06-02T18:58:51.287000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "363 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681d16a9fdb8ff7bfe8db459", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-05-08\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-05-08T20:40:09.409000", "created": "2025-05-08T20:40:09.409000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "388 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680190c45c13710c439a3db0", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-17T23:37:40.060000", "created": "2025-04-17T23:37:40.060000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "409 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ff13e09a7b60d18a996220", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-16\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Techniques\n* T1497\n* T1114.002\n* T1114\n* T1001\n* T1094\n* ... y 204 m\u00e1s\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-16T02:20:16.466000", "created": "2025-04-16T02:20:16.466000", "tags": [ "threat_actor", "unknown", "T1497", "T1114.002", "T1114", "T1001", "T1094", "T1566.001", "T1068", "T1087.003", "T1111", "T1059.003", "T1053.002", "T1053.006", "TA0037", "T1014", "T1598.003", "T1602.002", "T1444", "T1081", "TA0004", "T1598.001", "T1598", "T1053.001", "T1574", "T1017", "T1602", "TA0002", "T1202", "T1194", "TA0005", "TA0011", "T1059.006", "T1031", "T1059", "T1055.004", "T1192", "T1574.006", "T1566.002", "T1156", "T1055.008", "T1056.003", "T1560", "T1053.007", "T1583.002", "T1055.001", "T1082", "T1027", "T1608.005", "T1071.001", "T1566", "T1038", "T1589", "T1041", "T1534", "T1105", "TA0009", "T1204.001", "T1155", "T1049", "T1001.003", "T1445", "T1056.001", "T1071.004", "T1608.001", "T1055.002", "T1210", "T1056", "T1450", "TA0006", "T1193", "T1055", "TA0043", "T1493", "TA0003", "TA0007", "T1491", "T1036", "T1036.004", "T1503", "T1114.001", "T1449", "T1566.003", "T1053", "T1110.002", "T1053.003", "T1459", "T1001.001", "T1598.002", "T1140", "T1059.007", "T1496", "TA0001", "T1088", "T1113", "T1071.003", "T1012", "T1046", "T1114.003", "T1129", "T1125", "T1071", "T1583.005_102", "106_T1056", "T1036.002", "T1112", "T1018", "T1021.002", "T1036.005", "T1547", "T1057", "T1008", "T1518", "T1170", "T1021", "T1011", "T1060", "T1539", "T1418", "T1614.001", "T1087.002", "T1021.001", "T1040", "T1020", "T1213", "T1069", "T1587", "T1533", "T1003.003", "T1003.004", "T1560.001", "T1548.002", "T1087", "T1069.002", "T1095", "T1426", "T1102", "T1201", "T1222", "T1070", "T1074", "T1033", "T1130", "T1569", "T1078.002", "T1552", "T1106", "T1190", "T1007", "T1495", "T1133", "T1090", "T1547.001", "T1588.002", "T1016", "T1422", "T1137", "T1588", "T1119", "T1437", "T1124", "T1569.002", "T1134", "T1005", "T1005.001", "T1003.002", "T1903", "T1059.001", "T1853", "T1115", "T1543.003", "T1430", "T1087.001", "T1587.001", "T1562.001", "T1543", "T1489", "T1078", "T1614", "T1509", "T1078.004", "T1083", "T1592.004", "T1558.001", "T1558", "T1530", "T1213.002", "T1047", "T1085", "T1003", "T1003.001", "T1120", "T1217", "T1074.001", "T1010", "T1218", "T1048", "T1553", "T1490", "T1497.003", "T1055.003", "T1571", "T11955", "T1204.002", "T1199", "T1204.", "T1595.002", "T1102.002", "T1583.003", "T1027.009", "T1027.013", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "411 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733b72d522398f5ea0a12d", "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar", "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:31:46.858000", "tags": [ "cve201711882", "cve20201472" ], "references": [], "public": 1, "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2631, "FileHash-SHA1": 2168, "FileHash-SHA256": 3401, "CVE": 25, "domain": 977, "hostname": 1226 }, "indicator_count": 10428, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "677337a16d3d2b051137f251", "name": "Mirage", "description": "Mirage es un grupo de ciberespionaje vinculado al Ej\u00e9rcito Popular de Liberaci\u00f3n de China, centrado en la recopilaci\u00f3n de inteligencia en sectores como aeroespacial y defensa. Utilizan malware personalizado, spear-phishing y ataques a sitios web para infiltrar organizaciones.", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:15:29.657000", "tags": [], "references": [], "public": 1, "adversary": "Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 399, "FileHash-SHA1": 367, "FileHash-SHA256": 379, "CVE": 6, "domain": 41, "hostname": 48 }, "indicator_count": 1240, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "mssync.one", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "mssync.one", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780336065.5839438 }