{ "type": "Domain", "indicator": "precisionsec.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/precisionsec.com", "alexa": "http://www.alexa.com/siteinfo/precisionsec.com", "indicator": "precisionsec.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 424422578, "indicator": "precisionsec.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 48, "pulses": [ { "id": "69b95273abb52a5ec0fd0754", "name": "Threat Intel Report - W07-2026", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2026-03-17T13:09:07.099000", "created": "2026-03-17T13:09:07.099000", "tags": [ "mozi", "clearfake", "remcosrat", "microsoft", "week", "windows", "italy", "bangladesh", "iocs", "cobaltstrike", "dcrat", "february", "coinminer", "smoke loader", "agent tesla", "lumma stealer", "malware", "date", "quasarrat", "vidar", "telegram", "steam", "restart", "bitcoin", "shinyhunters", "python", "soar", "threat", "tesla", "ninja browser", "lumma" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "Threat", "targeted_countries": [ "Canada" ], "malware_families": [ { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "ShinyHunters", "display_name": "ShinyHunters", "target": null }, { "id": "Ninja Browser", "display_name": "Ninja Browser", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 457, "FileHash-MD5": 40, "FileHash-SHA1": 41, "FileHash-SHA256": 58, "CVE": 4, "IPv4": 276, "domain": 26, "hostname": 81 }, "indicator_count": 983, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "28 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68c7ca350c27d4818d54bf62", "name": "Threat Intel Report - W34-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-10-15T09:53:41.327000", "created": "2025-09-15T08:11:33.621000", "tags": [ "mozi", "microsoft", "grouped", "windows", "week", "group", "coinminer", "iocs", "august", "compromise", "agent tesla", "malware", "sliver", "amadey", "tycoon", "quasar", "service", "lumma", "tesla", "qilin" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "India", "Russian Federation" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [ "Cryptocurrency", "Government", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 52, "URL": 264, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 60 }, "indicator_count": 419, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "181 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68a2ee2d7d72510c53fe83f4", "name": "Threat Intel Report - W32-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-09-17T09:03:35.910000", "created": "2025-08-18T09:11:09.011000", "tags": [ "mozi", "microsoft", "week", "google", "iocs", "sonicwall", "grouped", "compromise", "cvss", "cvss base", "android", "agent tesla", "asyncrat", "remcos", "ruby", "august", "malware", "date", "telegram", "ransomhub", "malicious" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 66, "hostname": 78, "URL": 207, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18, "CVE": 2 }, "indicator_count": 407, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "210 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "687f7d01085b8f8ad65f8544", "name": "Threat Intel Report - W27-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-08-21T11:04:34.944000", "created": "2025-07-22T11:58:57.903000", "tags": [ "mozi", "grouped", "week", "group", "iocs", "microsoft", "ingram micro", "compromise", "italy", "cvss", "grok", "mexico", "agent tesla", "amadey", "june", "malware", "telegram", "asyncrat", "april", "code", "police" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 76, "URL": 193, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 20, "domain": 64 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "236 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686392e508db0be867f7399e", "name": "Threat Intel Report - W25-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-07-31T07:01:54.261000", "created": "2025-07-01T07:48:53.450000", "tags": [ "cobaltstrike", "microsoft", "week", "grouped", "iocs", "group", "compromise", "urls http", "dcrat", "cvss", "remcos", "asyncrat", "lazarus", "malware", "date", "coinminer", "sliver", "steam", "june", "friday", "godfather", "service", "telecom", "godfather android" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Godfather Android", "display_name": "Godfather Android", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Insurance" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 151, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "domain": 53, "hostname": 95 }, "indicator_count": 347, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "258 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6818a371cc417c23e582dcc5", "name": "Threat Intel Report - W18-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-06-04T11:00:42.004000", "created": "2025-05-05T11:39:29.491000", "tags": [ "mozi", "grouped", "week", "microsoft", "group", "iocs", "gmail", "compromise", "urls http", "cvss", "amadey", "asyncrat", "remcos", "malware", "date", "clearfake", "telegram", "april", "stealc", "flash", "august", "magento", "nullbulge" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "domain": 50, "URL": 196, "FileHash-MD5": 8, "FileHash-SHA1": 8, "FileHash-SHA256": 18 }, "indicator_count": 334, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "314 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5c36f8f8d4e2b86696c0", "name": "Threat Intel Report - W17-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:45:10.012000", "tags": [ "mozi", "mozi link", "week", "microsoft", "iocs", "grouped", "compromise", "russia", "urls http", "cvss", "clearfake", "ukraine", "asyncrat", "remcos", "amadey", "dragonforce", "lazarus", "malware", "darktortilla", "stealc", "cobaltstrike", "telegram", "april", "february", "mtn", "wordpress" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "MTN", "targeted_countries": [ "Ukraine", "Korea, Republic of" ], "malware_families": [ { "id": "Wordpress", "display_name": "Wordpress", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [ "Telecommunications", "Cryptocurrency", "Telecom", "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 66, "URL": 162, "domain": 76, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 20 }, "indicator_count": 348, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5ba83da287237eb298c9", "name": "Threat Intel Report - W16-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in a week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:42:48.579000", "tags": [ "mozi", "week", "clearfake", "iocs", "clickfix", "grouped", "compromise", "urls http", "cvss", "cvss base", "redline stealer", "remcos", "asyncrat", "malware", "date", "malicious", "telegram", "april", "android", "interlock" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Korea, Democratic People's Republic of", "Iran, Islamic Republic of", "Russian Federation" ], "malware_families": [ { "id": "Interlock", "display_name": "Interlock", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 168, "domain": 59, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 15, "CVE": 1 }, "indicator_count": 341, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5a8e01022a089e7764fb", "name": "Threat Intel Report - W15-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:38:06.316000", "tags": [ "mozi", "grouped", "week", "group", "microsoft", "iocs", "clearfake", "compromise", "romania", "turkey", "stealc", "asyncrat", "amadey", "april", "malware", "date", "malicious", "mexico", "xworm", "telegram", "defender" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "URL": 170, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "hostname": 54 }, "indicator_count": 323, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f59605f2cdb05ecfe52b7", "name": "Threat Intel Report - W14-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:33:04.500000", "tags": [ "mozi", "wsgidav", "grouped", "week", "group", "iocs", "turkey", "compromise", "asyncrat", "urls http", "clearfake", "ukraine", "amadey", "remcos", "malware", "date", "indonesia", "uruguay", "telegram", "enterprise", "mark" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 85, "URL": 159, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "domain": 59 }, "indicator_count": 346, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ef8d571324a271de986299", "name": "Threat Intel Report - W12-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:42:15.839000", "tags": [ "mozi", "bangladesh", "singapore", "cobaltstrike", "united kingdom", "mozi link", "germany", "france", "china", "turkey", "pink", "indonesia", "clearfake", "ukraine", "panama", "remcos", "asyncrat", "agent tesla", "malware", "date", "snakekeylogger", "masslogger", "mexico", "ransomhub" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "RansomHub", "display_name": "RansomHub", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 207, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 19, "CVE": 1, "domain": 43, "hostname": 180 }, "indicator_count": 482, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "346 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ef8924699b118fe8775508", "name": "Threat Intel Report - W10-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:24:20.314000", "tags": [ "cisos", "mozi", "coinminer", "germany", "mozi link", "singapore", "brazil", "russia", "united kingdom", "grouped", "france", "dcrat", "sliver", "ukraine", "asyncrat", "agent tesla", "malware", "date", "clearfake", "indonesia", "mexico", "panama", "paraguay", "steam", "february", "service", "qilin", "akira" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qilin", "display_name": "Qilin", "target": null }, { "id": "Akira", "display_name": "Akira", "target": null } ], "attack_ids": [ { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" } ], "industries": [ "Cryptocurrency", "Telecom", "Telecommunication" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 16, "domain": 57, "hostname": 190 }, "indicator_count": 560, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "346 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ef8acdfe632a32bd164cbc", "name": "Threat Intel Report - W11-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:31:25.772000", "tags": [ "mozi", "germany", "india", "china", "grouped", "vietnam", "united kingdom", "singapore", "week", "group", "indonesia", "clearfake", "asyncrat", "stealc", "smartloader", "mexico", "remcos", "malware", "date", "belarus", "ukraine", "amadey", "lockbit", "linux", "superblack", "akira" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Linux", "display_name": "Linux", "target": null }, { "id": "SuperBlack", "display_name": "SuperBlack", "target": null }, { "id": "Akira", "display_name": "Akira", "target": null }, { "id": "LockBit", "display_name": "LockBit", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "FileHash-MD5": 51, "FileHash-SHA1": 51, "FileHash-SHA256": 117, "domain": 62, "hostname": 114 }, "indicator_count": 486, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "346 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ef8df5d1dfcf2ce2fce716", "name": "Threat Intel Report - W13-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:44:53.871000", "tags": [ "mozi", "mozi link", "china", "russia", "microsoft", "windows", "week", "germany", "iocs", "clearfake", "indonesia", "remcos", "asyncrat", "sharepoint", "malware", "date", "mexico", "panama", "amadey", "infostealer", "sparrowdoor", "clop" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Infostealer", "display_name": "Infostealer", "target": null }, { "id": "SparrowDoor", "display_name": "SparrowDoor", "target": null }, { "id": "Clop", "display_name": "Clop", "target": null } ], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" } ], "industries": [ "Cryptocurrency", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 264, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 18, "domain": 59, "hostname": 115 }, "indicator_count": 480, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "346 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c6db8c356d3600c63bda5f", "name": "Threat Intel Report - W09-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:53:00.339000", "tags": [ "mozi", "singapore", "germany", "brazil", "france", "canada", "hong kong", "netherlands", "india", "week", "indonesia", "ukraine", "dcrat", "february", "lazarus", "asyncrat", "remcos", "malware", "date", "cobaltstrike", "clearfake", "panama", "mexico", "estonia", "steam", "close", "ransomware", "police", "android", "service", "friday", "pump", "grasscall", "vo1d" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Thailand", "Australia" ], "malware_families": [ { "id": "GrassCall", "display_name": "GrassCall", "target": null }, { "id": "Vo1d", "display_name": "Vo1d", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 265, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "CVE": 1, "domain": 50, "hostname": 132 }, "indicator_count": 496, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "376 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c6da18dc4aee1789e6e055", "name": "Threat Intel Report - W08-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:46:48.069000", "tags": [ "mozi", "wsgidav", "mozi link", "week", "germany", "iocs", "compromise", "australia", "urls https", "microsoft", "asyncrat", "agent tesla", "remcos", "malware", "date", "indonesia", "mexico", "february" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 94, "URL": 121, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 15, "domain": 47 }, "indicator_count": 305, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "376 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c6d94d3b0f65be3f6b60e1", "name": "Threat Intel Report - W07-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:43:25.849000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "south africa", "mozi lin", "germany", "greed mi", "greed mirai", "blacklist host", "indonesia", "asyncrat", "agent tesla", "police", "malware", "date", "jaff", "mylobot", "paraguay", "ukraine", "remcos", "february", "steam", "lumma", "finaldraft", "vidar", "ra world", "mirai" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Russian Federation", "China", "United States of America" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "FinalDraft", "display_name": "FinalDraft", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "RA World", "display_name": "RA World", "target": null }, { "id": "mirai", "display_name": "mirai", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Telecoms", "Cryptocurrency", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 189, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 18, "CVE": 1, "domain": 52, "hostname": 123 }, "indicator_count": 409, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "376 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679b60be026390028046f224", "name": "Threat Intel Report - W04-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trend", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:21:34.012000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "germany", "singapore", "brazil", "blacklist host", "ip country", "latest spambot", "ukraine", "stealc", "indonesia", "asyncrat", "amadey", "malware", "paraguay", "xworm", "enterprise", "ransomware", "april", "android", "lumma", "change healthcare" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Change Healthcare", "display_name": "Change Healthcare", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "URL": 210, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 78 }, "indicator_count": 411, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "409 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679b60138d4b0b4c394a6d8e", "name": "Threat Intel Report - W03-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trends", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:18:43.667000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "mozi link", "singapore", "vanuatu", "germany", "brazil", "dateadded", "indonesia", "ukraine", "dcrat", "asyncrat", "malware", "date", "mexico", "sality", "steam", "general", "lumma" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Government", "Diplomacy", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "hostname": 85, "URL": 202, "CVE": 1, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 13 }, "indicator_count": 405, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "409 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679b5efa5d923a359b46f95b", "name": "Threat Intel Report - W02-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trends.", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:14:02.450000", "tags": [ "tech mahindra", "csrmirteam", "threat report", "cobaltstrike", "united kingdom", "brazil", "germany", "blacklist host", "ip country", "latest spambot", "coinminer", "cobalt strike", "indonesia", "ukraine", "agent tesla", "rats", "asyncrat", "proton", "malware", "date", "sliver", "privateloader", "cridex", "meduza stealer", "sagecrypt", "redlinestealer", "quasarrat", "xmrig", "calendar", "designer", "silk typhoon", "lumma" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Silk Typhoon", "targeted_countries": [ "United States of America", "Japan" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 43, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 61, "URL": 134, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 17, "CVE": 1, "hostname": 122 }, "indicator_count": 367, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "409 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679b5dfdefa11d18f84b2acd", "name": "Threat Intel Report - W01-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-03-01T10:02:53.494000", "created": "2025-01-30T11:09:49.734000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "netherland", "mozi link", "blacklist host", "ip country", "latest spambot", "visit", "dcrat", "uruguay", "asyncrat", "space bears", "malware", "date", "xworm", "sality", "steam", "lumma", "hardhat" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Hardhat", "display_name": "Hardhat", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 74, "hostname": 83, "URL": 165, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14 }, "indicator_count": 364, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "409 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e8cbdfa56e26aa4b1c00", "name": "Threat Intel Report - W53-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T07:03:15.087000", "created": "2025-01-01T07:03:39.539000", "tags": [ "mozi", "brazil", "germany", "kazakstan", "singapore", "week", "russia", "iocs", "australia", "france", "ukraine", "indonesia", "stealc", "malware", "mexico", "cryptbot", "amadey", "date", "belarus", "uruguay", "apache", "lumma", "contagious interview", "mirai" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Contagious Interview", "display_name": "Contagious Interview", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 81, "URL": 230, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 15, "CVE": 1, "domain": 105 }, "indicator_count": 450, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "439 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e7765d719c949d7d9be1", "name": "Threat Intel Report - W51-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:57:58.991000", "tags": [ "mozi", "mintsloader", "germany", "brazil", "india", "week", "russia", "australia", "cisa", "iocs", "indonesia", "stealc", "asyncrat", "amadey", "winnti", "facebook", "malware", "date", "redlinestealer", "mexico", "android", "gamaredon", "police", "ukraine", "turla", "april" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 76, "hostname": 79, "URL": 196, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 16 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "439 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e823196d078c848ed0e7", "name": "Threat Intel Report - W52-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T07:00:51.580000", "tags": [ "mozi", "germany", "united kingdom", "asyncrat link", "russia", "brazil", "quakbot", "singapore", "week", "asyncrat", "ukraine", "mexico", "indonesia", "emmenhtal", "amadey", "play ransomware", "malware", "date", "paraguay", "slovakia", "first", "cryptbot", "lumma stealer", "alliance", "june", "android", "powershell" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "hostname": 92, "URL": 223, "CVE": 1, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 16 }, "indicator_count": 426, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "439 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e689893fa87d47d8b351", "name": "Threat Intel Report - W50-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:54:01.111000", "tags": [ "mozi", "mintsloader", "germany", "brazil", "india", "russia", "week", "australia", "united kingdom", "iocs", "indonesia", "stealc", "police", "asyncrat", "agent tesla", "april", "matrix", "malware", "date", "redlinestealer", "mexico", "august", "service", "turla", "exploit" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 100, "URL": 184, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 16, "domain": 47 }, "indicator_count": 373, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "439 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e534fe316d0fa0097cc1", "name": "Threat Intel Report - W49-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:48:20.173000", "tags": [ "mozi", "hong kong", "germany", "mozi link", "brazil", "bulgaria", "microsoft", "united kingdom", "week", "russia", "indonesia", "stealc", "asyncrat", "agent tesla", "malware", "date", "mexico", "ukraine", "panama" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 99, "URL": 208, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 21, "domain": 58 }, "indicator_count": 418, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "439 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb4c7e8dfacb55bce2db69", "name": "Threat Intel Report - W27-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T12:04:36.044000", "created": "2024-08-13T12:07:26.492000", "tags": [ "mozi", "mozi link", "week", "windows", "germany", "android", "spain", "brazil", "italy", "russia", "risepro", "remcos", "powershell", "panama", "ukraine", "agent tesla", "asyncrat", "hijackloader", "june", "p2pinfect" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [ "France", "Italy", "United States of America", "Canada", "Spain", "United Kingdom of Great Britain and Northern Ireland", "T\u00fcrkiye" ], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Hospitality" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 91, "URL": 150, "FileHash-MD5": 72, "FileHash-SHA1": 72, "FileHash-SHA256": 118, "domain": 7 }, "indicator_count": 510, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb4aefd227300a92540a40", "name": "Threat Intel Report - W28-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T12:00:47.170000", "tags": [ "mozi", "brazil", "week", "spain", "russia", "france", "bulgaria", "japan", "united kingdom", "urls http", "agent tesla", "remcos", "ukraine", "cuba", "asyncrat", "june", "april", "union" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" } ], "industries": [ "Cryptocurrency", "Health", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 95, "FileHash-MD5": 46, "FileHash-SHA1": 46, "FileHash-SHA256": 113, "domain": 35, "hostname": 121 }, "indicator_count": 456, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb499894eef0a43910b072", "name": "Threat Intel Report - W29-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:55:04.474000", "tags": [ "mozi", "microsoft", "windows", "russia", "week", "germany", "bulgaria", "united kingdom", "turkey", "brazil", "asyncrat", "powershell", "autoit", "coinminer", "recordbreaker", "redlinestealer", "indonesia", "agent tesla", "remcos", "august", "enterprise", "vipersoftx" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ViperSoftX", "display_name": "ViperSoftX", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 53, "URL": 138, "FileHash-MD5": 66, "FileHash-SHA1": 66, "FileHash-SHA256": 119, "hostname": 118 }, "indicator_count": 560, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb44c55928675e15bc818d", "name": "Threat Intel Report - W30-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:34:29.979000", "tags": [ "mozi", "microsoft", "week", "windows", "panama", "germany", "russia", "lithuania", "romania", "urls http", "agent tesla", "asyncrat", "dcrat", "muddywater", "indonesia", "mexico", "remcos", "stealc", "steam", "lockbit", "february", "qilin" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "hostname": 82, "URL": 211, "FileHash-MD5": 69, "FileHash-SHA1": 68, "FileHash-SHA256": 117, "CVE": 1 }, "indicator_count": 618, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb43d21eaad50b74da3b82", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:26.108000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb43d21b05a860a29b73c0", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:26.211000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb43ce0b5a9b42a54a3498", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:22.195000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb4194cec2a519f5835e30", "name": "Threat Intel Report - W32-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools[.] \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week[.] \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools[.] \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends[.]", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:20:52.200000", "tags": [ "mozi", "russia", "week", "mozi link", "germany", "domains", "linux kernel", "cisa", "cvss", "cvss base", "asyncrat", "agent tesla", "remcos", "android", "vidar", "ukraine", "python", "rats", "service", "dark", "mandrake", "ransomware" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 46, "hostname": 94, "URL": 212, "FileHash-MD5": 47, "FileHash-SHA1": 47, "FileHash-SHA256": 118 }, "indicator_count": 564, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "579 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6662e53539f591feafafe7ff", "name": "Threat Intel Report - W21-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-07-07T10:01:50.774000", "created": "2024-06-07T10:47:17.864000", "tags": [ "microsoft", "windows", "week", "android", "risepro", "cisa", "cvss", "cvss base", "april", "google", "remcos", "protect", "winscp", "grandoreiro", "sliver", "rtkit", "tiger", "qakbot" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 87, "URL": 191, "FileHash-MD5": 56, "FileHash-SHA1": 56, "FileHash-SHA256": 119, "domain": 30 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "646 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63ce64b5608169251e3d188e", "name": "Threat Intel Report - W4-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-02-22T10:02:28.482000", "created": "2023-01-23T10:43:01.825000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 40, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 13, "CVE": 2, "URL": 101, "hostname": 34 }, "indicator_count": 208, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1147 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6396eaa02e310144bdee2239", "name": "Threat Intel Report - W51-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-11T08:01:06.278000", "created": "2022-12-12T08:47:28.496000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 42, "hostname": 92, "FileHash-MD5": 24, "FileHash-SHA1": 28, "FileHash-SHA256": 36, "CVE": 1, "URL": 89 }, "indicator_count": 312, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1190 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6384777e524ec4344d25de0b", "name": "Threat Intel Report - W49-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly based recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2022-12-28T08:03:15.043000", "created": "2022-11-28T08:55:26.933000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 5, "FileHash-SHA1": 7, "FileHash-SHA256": 12, "URL": 102, "domain": 38, "hostname": 45 }, "indicator_count": 210, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "1204 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "637b30662e1183e22aee7371", "name": "Threat Intel Report - W48-2022.pdf", "description": "", "modified": "2022-12-21T07:00:40.475000", "created": "2022-11-21T08:01:42.054000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 208, "hostname": 56, "FileHash-MD5": 34, "FileHash-SHA1": 58, "FileHash-SHA256": 57, "CVE": 4, "domain": 161 }, "indicator_count": 578, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1211 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "635ffda049d729e6576602d7", "name": "Threat Intel Report - W45-2022", "description": "", "modified": "2022-11-30T16:05:43.873000", "created": "2022-10-31T16:53:52.854000", "tags": [], "references": [], "public": 1, "adversary": "Threat Intel Report - W45-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 106, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 13, "CVE": 1, "domain": 31, "hostname": 68 }, "indicator_count": 241, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "1231 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "634d45d44bae594798aa34b8", "name": "Threat Intel Report - W43-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2022-11-16T12:00:12.273000", "created": "2022-10-17T12:08:52.058000", "tags": [], "references": [ "Threat Intel Report - W43-2022.pdf", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/", "https://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 37, "URL": 88, "CVE": 1, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 13, "hostname": 29 }, "indicator_count": 186, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "633175e64b9159c220fb14a0", "name": "Threat Intel Advisory Report - W40-2022", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2022-10-26T09:02:08.137000", "created": "2022-09-26T09:50:30.871000", "tags": [], "references": [ "https://www.dnsbl.info/", "https://psbl.org/", "https://urlhaus.abuse.ch/browse/", "https://www.silobreaker.com/category/threat-reports/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 64, "domain": 56, "FileHash-MD5": 13, "FileHash-SHA1": 32, "FileHash-SHA256": 25, "URL": 42 }, "indicator_count": 232, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "1267 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63297db32a2503f61667c7f8", "name": "Threat Intel Advisory Report - W39-2022", "description": "", "modified": "2022-10-20T08:50:24.724000", "created": "2022-09-20T08:45:39.380000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "URL": 99, "FileHash-MD5": 9, "FileHash-SHA1": 10, "FileHash-SHA256": 13, "CVE": 1, "domain": 37 }, "indicator_count": 223, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "1273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "631f0dc5f4226dc9c29e1e79", "name": "Threat Intel Report - W38-2022", "description": "", "modified": "2022-10-12T00:05:41.896000", "created": "2022-09-12T10:45:25.886000", "tags": [], "references": [], "public": 1, "adversary": "IOC- W38-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 93, "CVE": 2, "FileHash-MD5": 10, "FileHash-SHA1": 9, "FileHash-SHA256": 12, "domain": 7, "hostname": 37 }, "indicator_count": 170, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1281 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6317137bd474b32c0162c595", "name": "Threat Intel Report - W37-2022", "description": "", "modified": "2022-10-06T00:00:46.407000", "created": "2022-09-06T09:31:39.761000", "tags": [], "references": [ "TechM-Threat Intel Report - W37-2022.pdf" ], "public": 1, "adversary": "Threat Intel Report - W37-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 59, "hostname": 58, "URL": 71, "FileHash-MD5": 8, "FileHash-SHA1": 9, "FileHash-SHA256": 14, "CVE": 1 }, "indicator_count": 220, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1287 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bf189fbc2ec9c379bba1e8", "name": "TM Threat Intel Feed W25-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:54:07.928000", "tags": [], "references": [ "TM Threat Intel Feed - W25-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 22, "hostname": 51, "URL": 109, "CVE": 1, "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 9 }, "indicator_count": 202, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bf193c856de5275ad3c997", "name": "TM Threat Intel Feed W27-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:56:44.035000", "tags": [], "references": [ "TechM-Threat Intel Report - W27-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 24, "hostname": 24, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 9, "URL": 104 }, "indicator_count": 175, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bf18f3e5de11ad0b0b39db", "name": "TM Threat Intel Feed W26-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:55:31.039000", "tags": [], "references": [ "TechM-Threat Intel Report - W26-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 20, "URL": 107, "hostname": 24, "CVE": 1, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 8 }, "indicator_count": 174, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1354 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://urlhaus.abuse.ch/", "TM Threat Intel Feed - W25-2022.pdf", "https://www.silobreaker.com/category/threat-reports/", "https://urlhaus.abuse.ch/browse/", "https://www.spamhaus.org/xbl/", "Threat Intel Report - W43-2022.pdf", "TechM-Threat Intel Report - W26-2022.pdf", "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "TechM-Threat Intel Report - W27-2022.pdf", "https://psbl.org/", "https://www.dnsbl.info/", "TechM-Threat Intel Report - W37-2022.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Threat Intel Report - W45-2022", "Threat", "IOC- W38-2022", "Silk Typhoon", "Threat Intel Report - W37-2022", "MTN", "Lazarus" ], "malware_families": [ "Grasscall", "Linux", "Vidar", "Ra world", "Interlock", "Tesla", "Vipersoftx", "Sparrowdoor", "Ninja browser", "Ransomhub", "Clop", "Infostealer", "Shinyhunters", "Finaldraft", "Threat", "Wordpress", "Lockbit", "Mirai", "Change healthcare", "Qilin", "Godfather android", "Contagious interview", "Lumma", "Superblack", "Hardhat", "Akira", "Vo1d" ], "industries": [ "Telecommunication", "Telecommunications", "Defense", "Telecom", "Health", "Cryptocurrency", "Finance", "Healthcare", "Telecoms", "Government", "Diplomacy", "Hospitality", "Insurance" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 48, "pulses": [ { "id": "69b95273abb52a5ec0fd0754", "name": "Threat Intel Report - W07-2026", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2026-03-17T13:09:07.099000", "created": "2026-03-17T13:09:07.099000", "tags": [ "mozi", "clearfake", "remcosrat", "microsoft", "week", "windows", "italy", "bangladesh", "iocs", "cobaltstrike", "dcrat", "february", "coinminer", "smoke loader", "agent tesla", "lumma stealer", "malware", "date", "quasarrat", "vidar", "telegram", "steam", "restart", "bitcoin", "shinyhunters", "python", "soar", "threat", "tesla", "ninja browser", "lumma" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "Threat", "targeted_countries": [ "Canada" ], "malware_families": [ { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "ShinyHunters", "display_name": "ShinyHunters", "target": null }, { "id": "Ninja Browser", "display_name": "Ninja Browser", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 457, "FileHash-MD5": 40, "FileHash-SHA1": 41, "FileHash-SHA256": 58, "CVE": 4, "IPv4": 276, "domain": 26, "hostname": 81 }, "indicator_count": 983, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "28 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68c7ca350c27d4818d54bf62", "name": "Threat Intel Report - W34-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-10-15T09:53:41.327000", "created": "2025-09-15T08:11:33.621000", "tags": [ "mozi", "microsoft", "grouped", "windows", "week", "group", "coinminer", "iocs", "august", "compromise", "agent tesla", "malware", "sliver", "amadey", "tycoon", "quasar", "service", "lumma", "tesla", "qilin" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "India", "Russian Federation" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [ "Cryptocurrency", "Government", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 52, "URL": 264, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 60 }, "indicator_count": 419, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "181 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68a2ee2d7d72510c53fe83f4", "name": "Threat Intel Report - W32-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-09-17T09:03:35.910000", "created": "2025-08-18T09:11:09.011000", "tags": [ "mozi", "microsoft", "week", "google", "iocs", "sonicwall", "grouped", "compromise", "cvss", "cvss base", "android", "agent tesla", "asyncrat", "remcos", "ruby", "august", "malware", "date", "telegram", "ransomhub", "malicious" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 66, "hostname": 78, "URL": 207, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18, "CVE": 2 }, "indicator_count": 407, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "210 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "687f7d01085b8f8ad65f8544", "name": "Threat Intel Report - W27-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-08-21T11:04:34.944000", "created": "2025-07-22T11:58:57.903000", "tags": [ "mozi", "grouped", "week", "group", "iocs", "microsoft", "ingram micro", "compromise", "italy", "cvss", "grok", "mexico", "agent tesla", "amadey", "june", "malware", "telegram", "asyncrat", "april", "code", "police" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 76, "URL": 193, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 20, "domain": 64 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "236 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686392e508db0be867f7399e", "name": "Threat Intel Report - W25-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-07-31T07:01:54.261000", "created": "2025-07-01T07:48:53.450000", "tags": [ "cobaltstrike", "microsoft", "week", "grouped", "iocs", "group", "compromise", "urls http", "dcrat", "cvss", "remcos", "asyncrat", "lazarus", "malware", "date", "coinminer", "sliver", "steam", "june", "friday", "godfather", "service", "telecom", "godfather android" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Godfather Android", "display_name": "Godfather Android", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Insurance" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 151, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "domain": 53, "hostname": 95 }, "indicator_count": 347, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "258 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6818a371cc417c23e582dcc5", "name": "Threat Intel Report - W18-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-06-04T11:00:42.004000", "created": "2025-05-05T11:39:29.491000", "tags": [ "mozi", "grouped", "week", "microsoft", "group", "iocs", "gmail", "compromise", "urls http", "cvss", "amadey", "asyncrat", "remcos", "malware", "date", "clearfake", "telegram", "april", "stealc", "flash", "august", "magento", "nullbulge" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "domain": 50, "URL": 196, "FileHash-MD5": 8, "FileHash-SHA1": 8, "FileHash-SHA256": 18 }, "indicator_count": 334, "is_author": false, "is_subscribing": null, "subscriber_count": 105, "modified_text": "314 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5c36f8f8d4e2b86696c0", "name": "Threat Intel Report - W17-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:45:10.012000", "tags": [ "mozi", "mozi link", "week", "microsoft", "iocs", "grouped", "compromise", "russia", "urls http", "cvss", "clearfake", "ukraine", "asyncrat", "remcos", "amadey", "dragonforce", "lazarus", "malware", "darktortilla", "stealc", "cobaltstrike", "telegram", "april", "february", "mtn", "wordpress" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "MTN", "targeted_countries": [ "Ukraine", "Korea, Republic of" ], "malware_families": [ { "id": "Wordpress", "display_name": "Wordpress", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [ "Telecommunications", "Cryptocurrency", "Telecom", "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 66, "URL": 162, "domain": 76, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 20 }, "indicator_count": 348, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5ba83da287237eb298c9", "name": "Threat Intel Report - W16-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in a week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:42:48.579000", "tags": [ "mozi", "week", "clearfake", "iocs", "clickfix", "grouped", "compromise", "urls http", "cvss", "cvss base", "redline stealer", "remcos", "asyncrat", "malware", "date", "malicious", "telegram", "april", "android", "interlock" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Korea, Democratic People's Republic of", "Iran, Islamic Republic of", "Russian Federation" ], "malware_families": [ { "id": "Interlock", "display_name": "Interlock", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 168, "domain": 59, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 15, "CVE": 1 }, "indicator_count": 341, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5a8e01022a089e7764fb", "name": "Threat Intel Report - W15-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:38:06.316000", "tags": [ "mozi", "grouped", "week", "group", "microsoft", "iocs", "clearfake", "compromise", "romania", "turkey", "stealc", "asyncrat", "amadey", "april", "malware", "date", "malicious", "mexico", "xworm", "telegram", "defender" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "URL": 170, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "hostname": 54 }, "indicator_count": 323, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f59605f2cdb05ecfe52b7", "name": "Threat Intel Report - W14-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:33:04.500000", "tags": [ "mozi", "wsgidav", "grouped", "week", "group", "iocs", "turkey", "compromise", "asyncrat", "urls http", "clearfake", "ukraine", "amadey", "remcos", "malware", "date", "indonesia", "uruguay", "telegram", "enterprise", "mark" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 85, "URL": 159, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "domain": 59 }, "indicator_count": 346, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "precisionsec.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "error": "HTTPSConnectionPool(host='urlhaus-api.abuse.ch', port=443): Max retries exceeded with url: /v1/host/ (Caused by NameResolutionError(\": Failed to resolve 'urlhaus-api.abuse.ch' ([Errno -3] Temporary failure in name resolution)\"))", "indicator": "precisionsec.com" }, "from_cache": true, "_cached_at": 1776244842.6881635 }