{ "type": "Domain", "indicator": "psbl.org", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/psbl.org", "alexa": "http://www.alexa.com/siteinfo/psbl.org", "indicator": "psbl.org", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3494773947, "indicator": "psbl.org", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 47, "pulses": [ { "id": "69b95273abb52a5ec0fd0754", "name": "Threat Intel Report - W07-2026", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2026-04-16T13:37:13.951000", "created": "2026-03-17T13:09:07.099000", "tags": [ "mozi", "clearfake", "remcosrat", "microsoft", "week", "windows", "italy", "bangladesh", "iocs", "cobaltstrike", "dcrat", "february", "coinminer", "smoke loader", "agent tesla", "lumma stealer", "malware", "date", "quasarrat", "vidar", "telegram", "steam", "restart", "bitcoin", "shinyhunters", "python", "soar", "threat", "tesla", "ninja browser", "lumma" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "Threat", "targeted_countries": [ "Canada" ], "malware_families": [ { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "ShinyHunters", "display_name": "ShinyHunters", "target": null }, { "id": "Ninja Browser", "display_name": "Ninja Browser", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 457, "FileHash-MD5": 40, "FileHash-SHA1": 41, "FileHash-SHA256": 58, "CVE": 4, "domain": 26, "hostname": 81 }, "indicator_count": 707, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68c7ca350c27d4818d54bf62", "name": "Threat Intel Report - W34-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-10-15T09:53:41.327000", "created": "2025-09-15T08:11:33.621000", "tags": [ "mozi", "microsoft", "grouped", "windows", "week", "group", "coinminer", "iocs", "august", "compromise", "agent tesla", "malware", "sliver", "amadey", "tycoon", "quasar", "service", "lumma", "tesla", "qilin" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "India", "Russian Federation" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [ "Cryptocurrency", "Government", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 52, "URL": 264, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 60 }, "indicator_count": 419, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68a2ee2d7d72510c53fe83f4", "name": "Threat Intel Report - W32-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-09-17T09:03:35.910000", "created": "2025-08-18T09:11:09.011000", "tags": [ "mozi", "microsoft", "week", "google", "iocs", "sonicwall", "grouped", "compromise", "cvss", "cvss base", "android", "agent tesla", "asyncrat", "remcos", "ruby", "august", "malware", "date", "telegram", "ransomhub", "malicious" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 66, "hostname": 78, "URL": 207, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18, "CVE": 2 }, "indicator_count": 407, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "255 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "687f7d01085b8f8ad65f8544", "name": "Threat Intel Report - W27-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-08-21T11:04:34.944000", "created": "2025-07-22T11:58:57.903000", "tags": [ "mozi", "grouped", "week", "group", "iocs", "microsoft", "ingram micro", "compromise", "italy", "cvss", "grok", "mexico", "agent tesla", "amadey", "june", "malware", "telegram", "asyncrat", "april", "code", "police" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 76, "URL": 193, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 20, "domain": 64 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "282 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686392e508db0be867f7399e", "name": "Threat Intel Report - W25-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-07-31T07:01:54.261000", "created": "2025-07-01T07:48:53.450000", "tags": [ "cobaltstrike", "microsoft", "week", "grouped", "iocs", "group", "compromise", "urls http", "dcrat", "cvss", "remcos", "asyncrat", "lazarus", "malware", "date", "coinminer", "sliver", "steam", "june", "friday", "godfather", "service", "telecom", "godfather android" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Godfather Android", "display_name": "Godfather Android", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Insurance" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 151, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "domain": 53, "hostname": 95 }, "indicator_count": 347, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "303 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6818a371cc417c23e582dcc5", "name": "Threat Intel Report - W18-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-06-04T11:00:42.004000", "created": "2025-05-05T11:39:29.491000", "tags": [ "mozi", "grouped", "week", "microsoft", "group", "iocs", "gmail", "compromise", "urls http", "cvss", "amadey", "asyncrat", "remcos", "malware", "date", "clearfake", "telegram", "april", "stealc", "flash", "august", "magento", "nullbulge" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "domain": 50, "URL": 196, "FileHash-MD5": 8, "FileHash-SHA1": 8, "FileHash-SHA256": 18 }, "indicator_count": 334, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "360 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5c36f8f8d4e2b86696c0", "name": "Threat Intel Report - W17-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:45:10.012000", "tags": [ "mozi", "mozi link", "week", "microsoft", "iocs", "grouped", "compromise", "russia", "urls http", "cvss", "clearfake", "ukraine", "asyncrat", "remcos", "amadey", "dragonforce", "lazarus", "malware", "darktortilla", "stealc", "cobaltstrike", "telegram", "april", "february", "mtn", "wordpress" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "MTN", "targeted_countries": [ "Ukraine", "Korea, Republic of" ], "malware_families": [ { "id": "Wordpress", "display_name": "Wordpress", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [ "Telecommunications", "Cryptocurrency", "Telecom", "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 66, "URL": 162, "domain": 76, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 20 }, "indicator_count": 348, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "367 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5ba83da287237eb298c9", "name": "Threat Intel Report - W16-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in a week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:42:48.579000", "tags": [ "mozi", "week", "clearfake", "iocs", "clickfix", "grouped", "compromise", "urls http", "cvss", "cvss base", "redline stealer", "remcos", "asyncrat", "malware", "date", "malicious", "telegram", "april", "android", "interlock" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Korea, Democratic People's Republic of", "Iran, Islamic Republic of", "Russian Federation" ], "malware_families": [ { "id": "Interlock", "display_name": "Interlock", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 168, "domain": 59, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 15, "CVE": 1 }, "indicator_count": 341, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "367 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5a8e01022a089e7764fb", "name": "Threat Intel Report - W15-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:38:06.316000", "tags": [ "mozi", "grouped", "week", "group", "microsoft", "iocs", "clearfake", "compromise", "romania", "turkey", "stealc", "asyncrat", "amadey", "april", "malware", "date", "malicious", "mexico", "xworm", "telegram", "defender" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "URL": 170, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "hostname": 54 }, "indicator_count": 323, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "367 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f59605f2cdb05ecfe52b7", "name": "Threat Intel Report - W14-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:33:04.500000", "tags": [ "mozi", "wsgidav", "grouped", "week", "group", "iocs", "turkey", "compromise", "asyncrat", "urls http", "clearfake", "ukraine", "amadey", "remcos", "malware", "date", "indonesia", "uruguay", "telegram", "enterprise", "mark" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 85, "URL": 159, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "domain": 59 }, "indicator_count": 346, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "367 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ef8d571324a271de986299", "name": "Threat Intel Report - W12-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:42:15.839000", "tags": [ "mozi", "bangladesh", "singapore", "cobaltstrike", "united kingdom", "mozi link", "germany", "france", "china", "turkey", "pink", "indonesia", "clearfake", "ukraine", "panama", "remcos", "asyncrat", "agent tesla", "malware", "date", "snakekeylogger", "masslogger", "mexico", "ransomhub" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "RansomHub", "display_name": "RansomHub", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 207, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 19, "CVE": 1, "domain": 43, "hostname": 180 }, "indicator_count": 482, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "391 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ef8924699b118fe8775508", "name": "Threat Intel Report - W10-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:24:20.314000", "tags": [ "cisos", "mozi", "coinminer", "germany", "mozi link", "singapore", "brazil", "russia", "united kingdom", "grouped", "france", "dcrat", "sliver", "ukraine", "asyncrat", "agent tesla", "malware", "date", "clearfake", "indonesia", "mexico", "panama", "paraguay", "steam", "february", "service", "qilin", "akira" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qilin", "display_name": "Qilin", "target": null }, { "id": "Akira", "display_name": "Akira", "target": null } ], "attack_ids": [ { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" } ], "industries": [ "Cryptocurrency", "Telecom", "Telecommunication" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 273, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 16, "domain": 57, "hostname": 190 }, "indicator_count": 560, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "391 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ef8acdfe632a32bd164cbc", "name": "Threat Intel Report - W11-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:31:25.772000", "tags": [ "mozi", "germany", "india", "china", "grouped", "vietnam", "united kingdom", "singapore", "week", "group", "indonesia", "clearfake", "asyncrat", "stealc", "smartloader", "mexico", "remcos", "malware", "date", "belarus", "ukraine", "amadey", "lockbit", "linux", "superblack", "akira" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Linux", "display_name": "Linux", "target": null }, { "id": "SuperBlack", "display_name": "SuperBlack", "target": null }, { "id": "Akira", "display_name": "Akira", "target": null }, { "id": "LockBit", "display_name": "LockBit", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "FileHash-MD5": 51, "FileHash-SHA1": 51, "FileHash-SHA256": 117, "domain": 62, "hostname": 114 }, "indicator_count": 486, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "391 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ef8df5d1dfcf2ce2fce716", "name": "Threat Intel Report - W13-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:44:53.871000", "tags": [ "mozi", "mozi link", "china", "russia", "microsoft", "windows", "week", "germany", "iocs", "clearfake", "indonesia", "remcos", "asyncrat", "sharepoint", "malware", "date", "mexico", "panama", "amadey", "infostealer", "sparrowdoor", "clop" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Infostealer", "display_name": "Infostealer", "target": null }, { "id": "SparrowDoor", "display_name": "SparrowDoor", "target": null }, { "id": "Clop", "display_name": "Clop", "target": null } ], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" } ], "industries": [ "Cryptocurrency", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 264, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 18, "domain": 59, "hostname": 115 }, "indicator_count": 480, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "391 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c6db8c356d3600c63bda5f", "name": "Threat Intel Report - W09-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:53:00.339000", "tags": [ "mozi", "singapore", "germany", "brazil", "france", "canada", "hong kong", "netherlands", "india", "week", "indonesia", "ukraine", "dcrat", "february", "lazarus", "asyncrat", "remcos", "malware", "date", "cobaltstrike", "clearfake", "panama", "mexico", "estonia", "steam", "close", "ransomware", "police", "android", "service", "friday", "pump", "grasscall", "vo1d" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Thailand", "Australia" ], "malware_families": [ { "id": "GrassCall", "display_name": "GrassCall", "target": null }, { "id": "Vo1d", "display_name": "Vo1d", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 265, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "CVE": 1, "domain": 50, "hostname": 132 }, "indicator_count": 496, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "422 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c6da18dc4aee1789e6e055", "name": "Threat Intel Report - W08-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:46:48.069000", "tags": [ "mozi", "wsgidav", "mozi link", "week", "germany", "iocs", "compromise", "australia", "urls https", "microsoft", "asyncrat", "agent tesla", "remcos", "malware", "date", "indonesia", "mexico", "february" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 94, "URL": 121, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 15, "domain": 47 }, "indicator_count": 305, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "422 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c6d94d3b0f65be3f6b60e1", "name": "Threat Intel Report - W07-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-04-03T10:02:05.354000", "created": "2025-03-04T10:43:25.849000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "south africa", "mozi lin", "germany", "greed mi", "greed mirai", "blacklist host", "indonesia", "asyncrat", "agent tesla", "police", "malware", "date", "jaff", "mylobot", "paraguay", "ukraine", "remcos", "february", "steam", "lumma", "finaldraft", "vidar", "ra world", "mirai" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Russian Federation", "China", "United States of America" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "FinalDraft", "display_name": "FinalDraft", "target": null }, { "id": "Vidar", "display_name": "Vidar", "target": null }, { "id": "RA World", "display_name": "RA World", "target": null }, { "id": "mirai", "display_name": "mirai", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Telecoms", "Cryptocurrency", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 189, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 18, "CVE": 1, "domain": 52, "hostname": 123 }, "indicator_count": 409, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "422 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679b60be026390028046f224", "name": "Threat Intel Report - W04-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trend", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:21:34.012000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "germany", "singapore", "brazil", "blacklist host", "ip country", "latest spambot", "ukraine", "stealc", "indonesia", "asyncrat", "amadey", "malware", "paraguay", "xworm", "enterprise", "ransomware", "april", "android", "lumma", "change healthcare" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Change Healthcare", "display_name": "Change Healthcare", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "URL": 210, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 78 }, "indicator_count": 411, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "455 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679b60138d4b0b4c394a6d8e", "name": "Threat Intel Report - W03-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trends", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:18:43.667000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "mozi link", "singapore", "vanuatu", "germany", "brazil", "dateadded", "indonesia", "ukraine", "dcrat", "asyncrat", "malware", "date", "mexico", "sality", "steam", "general", "lumma" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Government", "Diplomacy", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 80, "hostname": 85, "URL": 202, "CVE": 1, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 13 }, "indicator_count": 405, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "455 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679b5efa5d923a359b46f95b", "name": "Threat Intel Report - W02-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this \nweek.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner \nthrough manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an \norganization against latest cyber trends.", "modified": "2025-03-01T11:00:13.105000", "created": "2025-01-30T11:14:02.450000", "tags": [ "tech mahindra", "csrmirteam", "threat report", "cobaltstrike", "united kingdom", "brazil", "germany", "blacklist host", "ip country", "latest spambot", "coinminer", "cobalt strike", "indonesia", "ukraine", "agent tesla", "rats", "asyncrat", "proton", "malware", "date", "sliver", "privateloader", "cridex", "meduza stealer", "sagecrypt", "redlinestealer", "quasarrat", "xmrig", "calendar", "designer", "silk typhoon", "lumma" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Silk Typhoon", "targeted_countries": [ "United States of America", "Japan" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 43, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 61, "URL": 134, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 17, "CVE": 1, "hostname": 122 }, "indicator_count": 367, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "455 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "679b5dfdefa11d18f84b2acd", "name": "Threat Intel Report - W01-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-03-01T10:02:53.494000", "created": "2025-01-30T11:09:49.734000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "netherland", "mozi link", "blacklist host", "ip country", "latest spambot", "visit", "dcrat", "uruguay", "asyncrat", "space bears", "malware", "date", "xworm", "sality", "steam", "lumma", "hardhat" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Hardhat", "display_name": "Hardhat", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 74, "hostname": 83, "URL": 165, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14 }, "indicator_count": 364, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "455 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e8cbdfa56e26aa4b1c00", "name": "Threat Intel Report - W53-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T07:03:15.087000", "created": "2025-01-01T07:03:39.539000", "tags": [ "mozi", "brazil", "germany", "kazakstan", "singapore", "week", "russia", "iocs", "australia", "france", "ukraine", "indonesia", "stealc", "malware", "mexico", "cryptbot", "amadey", "date", "belarus", "uruguay", "apache", "lumma", "contagious interview", "mirai" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Contagious Interview", "display_name": "Contagious Interview", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 81, "URL": 230, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 15, "CVE": 1, "domain": 105 }, "indicator_count": 450, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e7765d719c949d7d9be1", "name": "Threat Intel Report - W51-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:57:58.991000", "tags": [ "mozi", "mintsloader", "germany", "brazil", "india", "week", "russia", "australia", "cisa", "iocs", "indonesia", "stealc", "asyncrat", "amadey", "winnti", "facebook", "malware", "date", "redlinestealer", "mexico", "android", "gamaredon", "police", "ukraine", "turla", "april" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 76, "hostname": 79, "URL": 196, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 16 }, "indicator_count": 393, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e823196d078c848ed0e7", "name": "Threat Intel Report - W52-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T07:00:51.580000", "tags": [ "mozi", "germany", "united kingdom", "asyncrat link", "russia", "brazil", "quakbot", "singapore", "week", "asyncrat", "ukraine", "mexico", "indonesia", "emmenhtal", "amadey", "play ransomware", "malware", "date", "paraguay", "slovakia", "first", "cryptbot", "lumma stealer", "alliance", "june", "android", "powershell" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "hostname": 92, "URL": 223, "CVE": 1, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 16 }, "indicator_count": 426, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e689893fa87d47d8b351", "name": "Threat Intel Report - W50-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:54:01.111000", "tags": [ "mozi", "mintsloader", "germany", "brazil", "india", "russia", "week", "australia", "united kingdom", "iocs", "indonesia", "stealc", "police", "asyncrat", "agent tesla", "april", "matrix", "malware", "date", "redlinestealer", "mexico", "august", "service", "turla", "exploit" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 100, "URL": 184, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 16, "domain": 47 }, "indicator_count": 373, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774e534fe316d0fa0097cc1", "name": "Threat Intel Report - W49-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-31T06:04:58.629000", "created": "2025-01-01T06:48:20.173000", "tags": [ "mozi", "hong kong", "germany", "mozi link", "brazil", "bulgaria", "microsoft", "united kingdom", "week", "russia", "indonesia", "stealc", "asyncrat", "agent tesla", "malware", "date", "mexico", "ukraine", "panama" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 99, "URL": 208, "FileHash-MD5": 16, "FileHash-SHA1": 16, "FileHash-SHA256": 21, "domain": 58 }, "indicator_count": 418, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb4c7e8dfacb55bce2db69", "name": "Threat Intel Report - W27-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T12:04:36.044000", "created": "2024-08-13T12:07:26.492000", "tags": [ "mozi", "mozi link", "week", "windows", "germany", "android", "spain", "brazil", "italy", "russia", "risepro", "remcos", "powershell", "panama", "ukraine", "agent tesla", "asyncrat", "hijackloader", "june", "p2pinfect" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [ "France", "Italy", "United States of America", "Canada", "Spain", "United Kingdom of Great Britain and Northern Ireland", "T\u00fcrkiye" ], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Hospitality" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 91, "URL": 150, "FileHash-MD5": 72, "FileHash-SHA1": 72, "FileHash-SHA256": 118, "domain": 7 }, "indicator_count": 510, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb4aefd227300a92540a40", "name": "Threat Intel Report - W28-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T12:00:47.170000", "tags": [ "mozi", "brazil", "week", "spain", "russia", "france", "bulgaria", "japan", "united kingdom", "urls http", "agent tesla", "remcos", "ukraine", "cuba", "asyncrat", "june", "april", "union" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" } ], "industries": [ "Cryptocurrency", "Health", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 95, "FileHash-MD5": 46, "FileHash-SHA1": 46, "FileHash-SHA256": 113, "domain": 35, "hostname": 121 }, "indicator_count": 456, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb499894eef0a43910b072", "name": "Threat Intel Report - W29-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:55:04.474000", "tags": [ "mozi", "microsoft", "windows", "russia", "week", "germany", "bulgaria", "united kingdom", "turkey", "brazil", "asyncrat", "powershell", "autoit", "coinminer", "recordbreaker", "redlinestealer", "indonesia", "agent tesla", "remcos", "august", "enterprise", "vipersoftx" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ViperSoftX", "display_name": "ViperSoftX", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 53, "URL": 138, "FileHash-MD5": 66, "FileHash-SHA1": 66, "FileHash-SHA256": 119, "hostname": 118 }, "indicator_count": 560, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb44c55928675e15bc818d", "name": "Threat Intel Report - W30-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:34:29.979000", "tags": [ "mozi", "microsoft", "week", "windows", "panama", "germany", "russia", "lithuania", "romania", "urls http", "agent tesla", "asyncrat", "dcrat", "muddywater", "indonesia", "mexico", "remcos", "stealc", "steam", "lockbit", "february", "qilin" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "hostname": 82, "URL": 211, "FileHash-MD5": 69, "FileHash-SHA1": 68, "FileHash-SHA256": 117, "CVE": 1 }, "indicator_count": 618, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb43d21eaad50b74da3b82", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:26.108000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb43d21b05a860a29b73c0", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:26.211000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb43ce0b5a9b42a54a3498", "name": "Threat Intel Report - W31-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:30:22.195000", "tags": [ "mozi", "mozi link", "week", "windows", "microsoft", "penterac2", "russia", "germany", "cvss", "cvss base", "spynote", "mexico", "agent tesla", "remcos", "snakekeylogger", "coinminer", "panama", "indonesia", "asyncrat", "panda", "android" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 62, "hostname": 87, "URL": 136, "FileHash-MD5": 53, "FileHash-SHA1": 53, "FileHash-SHA256": 112 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66bb4194cec2a519f5835e30", "name": "Threat Intel Report - W32-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools[.] \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week[.] \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools[.] \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends[.]", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:20:52.200000", "tags": [ "mozi", "russia", "week", "mozi link", "germany", "domains", "linux kernel", "cisa", "cvss", "cvss base", "asyncrat", "agent tesla", "remcos", "android", "vidar", "ukraine", "python", "rats", "service", "dark", "mandrake", "ransomware" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 46, "hostname": 94, "URL": 212, "FileHash-MD5": 47, "FileHash-SHA1": 47, "FileHash-SHA256": 118 }, "indicator_count": 564, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6662e53539f591feafafe7ff", "name": "Threat Intel Report - W21-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-07-07T10:01:50.774000", "created": "2024-06-07T10:47:17.864000", "tags": [ "microsoft", "windows", "week", "android", "risepro", "cisa", "cvss", "cvss base", "april", "google", "remcos", "protect", "winscp", "grandoreiro", "sliver", "rtkit", "tiger", "qakbot" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 87, "URL": 191, "FileHash-MD5": 56, "FileHash-SHA1": 56, "FileHash-SHA256": 119, "domain": 30 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "692 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63ce64b5608169251e3d188e", "name": "Threat Intel Report - W4-2023.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-02-22T10:02:28.482000", "created": "2023-01-23T10:43:01.825000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 40, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 13, "CVE": 2, "URL": 101, "hostname": 34 }, "indicator_count": 208, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1193 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6396eaa02e310144bdee2239", "name": "Threat Intel Report - W51-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-01-11T08:01:06.278000", "created": "2022-12-12T08:47:28.496000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 42, "hostname": 92, "FileHash-MD5": 24, "FileHash-SHA1": 28, "FileHash-SHA256": 36, "CVE": 1, "URL": 89 }, "indicator_count": 312, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1235 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6384777e524ec4344d25de0b", "name": "Threat Intel Report - W49-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly based recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2022-12-28T08:03:15.043000", "created": "2022-11-28T08:55:26.933000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 5, "FileHash-SHA1": 7, "FileHash-SHA256": 12, "URL": 102, "domain": 38, "hostname": 45 }, "indicator_count": 210, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1249 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "637b30662e1183e22aee7371", "name": "Threat Intel Report - W48-2022.pdf", "description": "", "modified": "2022-12-21T07:00:40.475000", "created": "2022-11-21T08:01:42.054000", "tags": [], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 208, "hostname": 56, "FileHash-MD5": 34, "FileHash-SHA1": 58, "FileHash-SHA256": 57, "CVE": 4, "domain": 161 }, "indicator_count": 578, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1256 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "635ffda049d729e6576602d7", "name": "Threat Intel Report - W45-2022", "description": "", "modified": "2022-11-30T16:05:43.873000", "created": "2022-10-31T16:53:52.854000", "tags": [], "references": [], "public": 1, "adversary": "Threat Intel Report - W45-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 106, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 13, "CVE": 1, "domain": 31, "hostname": 68 }, "indicator_count": 241, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1277 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "634d45d44bae594798aa34b8", "name": "Threat Intel Report - W43-2022.pdf", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2022-11-16T12:00:12.273000", "created": "2022-10-17T12:08:52.058000", "tags": [], "references": [ "Threat Intel Report - W43-2022.pdf", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time", "https://www.dnsbl.info/", "https://www.spamhaus.org/xbl/", "https://psbl.org/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 37, "URL": 88, "CVE": 1, "FileHash-MD5": 9, "FileHash-SHA1": 9, "FileHash-SHA256": 13, "hostname": 29 }, "indicator_count": 186, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1291 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63297db32a2503f61667c7f8", "name": "Threat Intel Advisory Report - W39-2022", "description": "", "modified": "2022-10-20T08:50:24.724000", "created": "2022-09-20T08:45:39.380000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "URL": 99, "FileHash-MD5": 9, "FileHash-SHA1": 10, "FileHash-SHA256": 13, "CVE": 1, "domain": 37 }, "indicator_count": 223, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "1318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "631f0dc5f4226dc9c29e1e79", "name": "Threat Intel Report - W38-2022", "description": "", "modified": "2022-10-12T00:05:41.896000", "created": "2022-09-12T10:45:25.886000", "tags": [], "references": [], "public": 1, "adversary": "IOC- W38-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 93, "CVE": 2, "FileHash-MD5": 10, "FileHash-SHA1": 9, "FileHash-SHA256": 12, "domain": 7, "hostname": 37 }, "indicator_count": 170, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6317137bd474b32c0162c595", "name": "Threat Intel Report - W37-2022", "description": "", "modified": "2022-10-06T00:00:46.407000", "created": "2022-09-06T09:31:39.761000", "tags": [], "references": [ "TechM-Threat Intel Report - W37-2022.pdf" ], "public": 1, "adversary": "Threat Intel Report - W37-2022", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 59, "hostname": 58, "URL": 71, "FileHash-MD5": 8, "FileHash-SHA1": 9, "FileHash-SHA256": 14, "CVE": 1 }, "indicator_count": 220, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "1332 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bf189fbc2ec9c379bba1e8", "name": "TM Threat Intel Feed W25-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:54:07.928000", "tags": [], "references": [ "TM Threat Intel Feed - W25-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 22, "hostname": 51, "URL": 109, "CVE": 1, "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 9 }, "indicator_count": 202, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1399 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bf193c856de5275ad3c997", "name": "TM Threat Intel Feed W27-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:56:44.035000", "tags": [], "references": [ "TechM-Threat Intel Report - W27-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 24, "hostname": 24, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 9, "URL": 104 }, "indicator_count": 175, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1399 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bf18f3e5de11ad0b0b39db", "name": "TM Threat Intel Feed W26-2022", "description": "", "modified": "2022-07-31T00:02:44.153000", "created": "2022-07-01T15:55:31.039000", "tags": [], "references": [ "TechM-Threat Intel Report - W26-2022.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 20, "URL": 107, "hostname": 24, "CVE": 1, "FileHash-MD5": 7, "FileHash-SHA1": 7, "FileHash-SHA256": 8 }, "indicator_count": 174, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1399 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Threat Intel Report - W43-2022.pdf", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://any.run/malware-trends/", "https://www.spamhaus.org/xbl/", "TechM-Threat Intel Report - W37-2022.pdf", "TechM-Threat Intel Report - W26-2022.pdf", "https://www.dnsbl.info/", "TM Threat Intel Feed - W25-2022.pdf", "https://urlhaus.abuse.ch/", "https://psbl.org/", "TechM-Threat Intel Report - W27-2022.pdf", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_ Real-time" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Lazarus", "Silk Typhoon", "Threat", "Threat Intel Report - W37-2022", "MTN", "IOC- W38-2022", "Threat Intel Report - W45-2022" ], "malware_families": [ "Vipersoftx", "Ra world", "Ransomhub", "Sparrowdoor", "Change healthcare", "Hardhat", "Superblack", "Godfather android", "Interlock", "Lumma", "Vidar", "Mirai", "Ninja browser", "Linux", "Shinyhunters", "Qilin", "Tesla", "Threat", "Wordpress", "Infostealer", "Clop", "Lockbit", "Contagious interview", "Vo1d", "Akira", "Finaldraft", "Grasscall" ], "industries": [ "Telecommunications", "Healthcare", "Defense", "Insurance", "Telecoms", "Hospitality", "Finance", "Diplomacy", "Government", "Telecom", "Health", "Telecommunication", "Cryptocurrency" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 47, "pulses": [ { "id": "69b95273abb52a5ec0fd0754", "name": "Threat Intel Report - W07-2026", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2026-04-16T13:37:13.951000", "created": "2026-03-17T13:09:07.099000", "tags": [ "mozi", "clearfake", "remcosrat", "microsoft", "week", "windows", "italy", "bangladesh", "iocs", "cobaltstrike", "dcrat", "february", "coinminer", "smoke loader", "agent tesla", "lumma stealer", "malware", "date", "quasarrat", "vidar", "telegram", "steam", "restart", "bitcoin", "shinyhunters", "python", "soar", "threat", "tesla", "ninja browser", "lumma" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "Threat", "targeted_countries": [ "Canada" ], "malware_families": [ { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "ShinyHunters", "display_name": "ShinyHunters", "target": null }, { "id": "Ninja Browser", "display_name": "Ninja Browser", "target": null }, { "id": "Threat", "display_name": "Threat", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 457, "FileHash-MD5": 40, "FileHash-SHA1": 41, "FileHash-SHA256": 58, "CVE": 4, "domain": 26, "hostname": 81 }, "indicator_count": 707, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68c7ca350c27d4818d54bf62", "name": "Threat Intel Report - W34-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-10-15T09:53:41.327000", "created": "2025-09-15T08:11:33.621000", "tags": [ "mozi", "microsoft", "grouped", "windows", "week", "group", "coinminer", "iocs", "august", "compromise", "agent tesla", "malware", "sliver", "amadey", "tycoon", "quasar", "service", "lumma", "tesla", "qilin" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [ "India", "Russian Federation" ], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Tesla", "display_name": "Tesla", "target": null }, { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [ "Cryptocurrency", "Government", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 52, "URL": 264, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "hostname": 60 }, "indicator_count": 419, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68a2ee2d7d72510c53fe83f4", "name": "Threat Intel Report - W32-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-09-17T09:03:35.910000", "created": "2025-08-18T09:11:09.011000", "tags": [ "mozi", "microsoft", "week", "google", "iocs", "sonicwall", "grouped", "compromise", "cvss", "cvss base", "android", "agent tesla", "asyncrat", "remcos", "ruby", "august", "malware", "date", "telegram", "ransomhub", "malicious" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 66, "hostname": 78, "URL": 207, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 18, "CVE": 2 }, "indicator_count": 407, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "255 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "687f7d01085b8f8ad65f8544", "name": "Threat Intel Report - W27-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-08-21T11:04:34.944000", "created": "2025-07-22T11:58:57.903000", "tags": [ "mozi", "grouped", "week", "group", "iocs", "microsoft", "ingram micro", "compromise", "italy", "cvss", "grok", "mexico", "agent tesla", "amadey", "june", "malware", "telegram", "asyncrat", "april", "code", "police" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 76, "URL": 193, "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 20, "domain": 64 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "282 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686392e508db0be867f7399e", "name": "Threat Intel Report - W25-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-07-31T07:01:54.261000", "created": "2025-07-01T07:48:53.450000", "tags": [ "cobaltstrike", "microsoft", "week", "grouped", "iocs", "group", "compromise", "urls http", "dcrat", "cvss", "remcos", "asyncrat", "lazarus", "malware", "date", "coinminer", "sliver", "steam", "june", "friday", "godfather", "service", "telecom", "godfather android" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Godfather Android", "display_name": "Godfather Android", "target": null } ], "attack_ids": [ { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Cryptocurrency", "Insurance" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 151, "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 18, "domain": 53, "hostname": 95 }, "indicator_count": 347, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "303 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6818a371cc417c23e582dcc5", "name": "Threat Intel Report - W18-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-06-04T11:00:42.004000", "created": "2025-05-05T11:39:29.491000", "tags": [ "mozi", "grouped", "week", "microsoft", "group", "iocs", "gmail", "compromise", "urls http", "cvss", "amadey", "asyncrat", "remcos", "malware", "date", "clearfake", "telegram", "april", "stealc", "flash", "august", "magento", "nullbulge" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 54, "domain": 50, "URL": 196, "FileHash-MD5": 8, "FileHash-SHA1": 8, "FileHash-SHA256": 18 }, "indicator_count": 334, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "360 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5c36f8f8d4e2b86696c0", "name": "Threat Intel Report - W17-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:45:10.012000", "tags": [ "mozi", "mozi link", "week", "microsoft", "iocs", "grouped", "compromise", "russia", "urls http", "cvss", "clearfake", "ukraine", "asyncrat", "remcos", "amadey", "dragonforce", "lazarus", "malware", "darktortilla", "stealc", "cobaltstrike", "telegram", "april", "february", "mtn", "wordpress" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "MTN", "targeted_countries": [ "Ukraine", "Korea, Republic of" ], "malware_families": [ { "id": "Wordpress", "display_name": "Wordpress", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [ "Telecommunications", "Cryptocurrency", "Telecom", "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 66, "URL": 162, "domain": 76, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 20 }, "indicator_count": 348, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "367 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5ba83da287237eb298c9", "name": "Threat Intel Report - W16-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in a week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:42:48.579000", "tags": [ "mozi", "week", "clearfake", "iocs", "clickfix", "grouped", "compromise", "urls http", "cvss", "cvss base", "redline stealer", "remcos", "asyncrat", "malware", "date", "malicious", "telegram", "april", "android", "interlock" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [ "Korea, Democratic People's Republic of", "Iran, Islamic Republic of", "Russian Federation" ], "malware_families": [ { "id": "Interlock", "display_name": "Interlock", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 168, "domain": 59, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 15, "CVE": 1 }, "indicator_count": 341, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "367 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f5a8e01022a089e7764fb", "name": "Threat Intel Report - W15-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:38:06.316000", "tags": [ "mozi", "grouped", "week", "group", "microsoft", "iocs", "clearfake", "compromise", "romania", "turkey", "stealc", "asyncrat", "amadey", "april", "malware", "date", "malicious", "mexico", "xworm", "telegram", "defender" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "URL": 170, "FileHash-MD5": 11, "FileHash-SHA1": 11, "FileHash-SHA256": 12, "hostname": 54 }, "indicator_count": 323, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "367 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680f59605f2cdb05ecfe52b7", "name": "Threat Intel Report - W14-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.", "modified": "2025-05-28T10:02:27.221000", "created": "2025-04-28T10:33:04.500000", "tags": [ "mozi", "wsgidav", "grouped", "week", "group", "iocs", "turkey", "compromise", "asyncrat", "urls http", "clearfake", "ukraine", "amadey", "remcos", "malware", "date", "indonesia", "uruguay", "telegram", "enterprise", "mark" ], "references": [ "https://any.run/malware-trends/", "https://urlhaus.abuse.ch/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 85, "URL": 159, "FileHash-MD5": 13, "FileHash-SHA1": 13, "FileHash-SHA256": 17, "domain": 59 }, "indicator_count": 346, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "367 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "psbl.org", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "psbl.org", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780184992.217796 }