{ "type": "Domain", "indicator": "seahorsemethod.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/seahorsemethod.com", "alexa": "http://www.alexa.com/siteinfo/seahorsemethod.com", "indicator": "seahorsemethod.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2986538085, "indicator": "seahorsemethod.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "6a1ab6efb8f3c8da4f6b358c", "name": "GREYVIBE Threat Actor: TTPs, Malware, and Infrastructure Analysis.", "description": "GREYVIBE is a cyber threat actor identified by WithSecure, primarily targeting Ukraine and entities related to Ukraine since August 2025. The group's activities show significant overlaps in their attack infrastructure and operational methodologies, which indicate a persistent campaign aligned with Russian state interests, especially in the context of the Russia-Ukraine war. GREYVIBE's operations have been characterized by the use of various attack vectors, including spear-phishing emails, fake captcha pages, and fraudulent websites impersonating Ukrainian organizations. These methods have facilitated the distribution of malware, predominantly custom-developed variants like PhantomRelay, FallSpy, and LegionRelay.", "modified": "2026-05-30T10:12:00.827000", "created": "2026-05-30T10:07:43.020000", "tags": [ "research", "whitepaper", "mohammad kazem hassan nejad", "2026", "powershell", "fallspy", "legionrelay", "lookvalps", "lookvaljs", "javascript", "daylight", "teasoup", "android spyware", "august", "telegram", "dronelink", "princessclub", "phantomrelayv1", "greyvibe", "domain name", "phantommail", "sha256", "domain", "development", "phantomclick", "club site", "teams", "kongtuke", "april", "nsis", "service", "impacket" ], "references": [ "https://labs.withsecure.com/publications/greyvibe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "LegionRelay", "display_name": "LegionRelay", "target": null }, { "id": "DroneLink", "display_name": "DroneLink", "target": null }, { "id": "PrincessClub", "display_name": "PrincessClub", "target": null }, { "id": "PhantomRelayV1", "display_name": "PhantomRelayV1", "target": null }, { "id": "LOOKVALJS", "display_name": "LOOKVALJS", "target": null }, { "id": "GREYVIBE", "display_name": "GREYVIBE", "target": null } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1021.001", "name": "Remote Desktop Protocol", "display_name": "T1021.001 - Remote Desktop Protocol" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" } ], "industries": [ "Military", "Government", "Energy" ], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 55, "FileHash-MD5": 14, "FileHash-SHA1": 13, "FileHash-SHA256": 67, "IPv4": 9, "URL": 3, "hostname": 4 }, "indicator_count": 165, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "20 hours ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b95fe710a461d00bb58879", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-17T14:06:31.046000", "created": "2026-03-17T14:06:31.046000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 550, "domain": 200, "URL": 178, "FileHash-MD5": 100, "FileHash-SHA256": 3 }, "indicator_count": 1031, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "74 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b808b009a99ffe881dc315", "name": "Payload_Delivery | Mar 17, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 17, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-16T13:42:08.111000", "created": "2026-03-16T13:42:08.111000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 66, "hostname": 377, "URL": 33, "FileHash-SHA256": 2 }, "indicator_count": 478, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b6bc121a952c45ee50b80f", "name": "Payload_Delivery | Mar 16, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 16, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-15T14:02:58.591000", "created": "2026-03-15T14:02:58.591000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 330, "hostname": 1031, "domain": 363, "FileHash-SHA256": 64, "FileHash-MD5": 149, "FileHash-SHA1": 49 }, "indicator_count": 1986, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "76 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b56a84f14760edc6870528", "name": "Payload_Delivery | Mar 15, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 15, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-14T14:02:44.275000", "created": "2026-03-14T14:02:44.275000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1171, "domain": 366, "URL": 300, "FileHash-MD5": 115, "FileHash-SHA256": 33, "FileHash-SHA1": 14 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "77 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b41a97bb607b6513f81335", "name": "Payload_Delivery | Mar 14, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 14, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-13T14:09:27.029000", "created": "2026-03-13T14:09:27.029000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 268, "hostname": 1133, "domain": 333, "FileHash-SHA256": 64, "FileHash-MD5": 151, "FileHash-SHA1": 50 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "78 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b2d0ea8d97c8719be9ca20", "name": "Payload_Delivery | Mar 13, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 13, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-12T14:42:50.661000", "created": "2026-03-12T14:42:50.661000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 1140, "URL": 217, "FileHash-MD5": 172, "FileHash-SHA256": 85, "FileHash-SHA1": 74 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "79 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://ltna.com.au/cyber", "https://labs.withsecure.com/publications/greyvibe" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Dronelink", "Phantomrelayv1", "Lookvaljs", "Greyvibe", "Legionrelay", "Princessclub" ], "industries": [ "Government", "Energy", "Military" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "6a1ab6efb8f3c8da4f6b358c", "name": "GREYVIBE Threat Actor: TTPs, Malware, and Infrastructure Analysis.", "description": "GREYVIBE is a cyber threat actor identified by WithSecure, primarily targeting Ukraine and entities related to Ukraine since August 2025. The group's activities show significant overlaps in their attack infrastructure and operational methodologies, which indicate a persistent campaign aligned with Russian state interests, especially in the context of the Russia-Ukraine war. GREYVIBE's operations have been characterized by the use of various attack vectors, including spear-phishing emails, fake captcha pages, and fraudulent websites impersonating Ukrainian organizations. These methods have facilitated the distribution of malware, predominantly custom-developed variants like PhantomRelay, FallSpy, and LegionRelay.", "modified": "2026-05-30T10:12:00.827000", "created": "2026-05-30T10:07:43.020000", "tags": [ "research", "whitepaper", "mohammad kazem hassan nejad", "2026", "powershell", "fallspy", "legionrelay", "lookvalps", "lookvaljs", "javascript", "daylight", "teasoup", "android spyware", "august", "telegram", "dronelink", "princessclub", "phantomrelayv1", "greyvibe", "domain name", "phantommail", "sha256", "domain", "development", "phantomclick", "club site", "teams", "kongtuke", "april", "nsis", "service", "impacket" ], "references": [ "https://labs.withsecure.com/publications/greyvibe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "LegionRelay", "display_name": "LegionRelay", "target": null }, { "id": "DroneLink", "display_name": "DroneLink", "target": null }, { "id": "PrincessClub", "display_name": "PrincessClub", "target": null }, { "id": "PhantomRelayV1", "display_name": "PhantomRelayV1", "target": null }, { "id": "LOOKVALJS", "display_name": "LOOKVALJS", "target": null }, { "id": "GREYVIBE", "display_name": "GREYVIBE", "target": null } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1021.001", "name": "Remote Desktop Protocol", "display_name": "T1021.001 - Remote Desktop Protocol" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" } ], "industries": [ "Military", "Government", "Energy" ], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 55, "FileHash-MD5": 14, "FileHash-SHA1": 13, "FileHash-SHA256": 67, "IPv4": 9, "URL": 3, "hostname": 4 }, "indicator_count": 165, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "20 hours ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b95fe710a461d00bb58879", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-17T14:06:31.046000", "created": "2026-03-17T14:06:31.046000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 550, "domain": 200, "URL": 178, "FileHash-MD5": 100, "FileHash-SHA256": 3 }, "indicator_count": 1031, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "74 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b808b009a99ffe881dc315", "name": "Payload_Delivery | Mar 17, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 17, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-16T13:42:08.111000", "created": "2026-03-16T13:42:08.111000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 66, "hostname": 377, "URL": 33, "FileHash-SHA256": 2 }, "indicator_count": 478, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b6bc121a952c45ee50b80f", "name": "Payload_Delivery | Mar 16, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 16, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-15T14:02:58.591000", "created": "2026-03-15T14:02:58.591000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 330, "hostname": 1031, "domain": 363, "FileHash-SHA256": 64, "FileHash-MD5": 149, "FileHash-SHA1": 49 }, "indicator_count": 1986, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "76 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b56a84f14760edc6870528", "name": "Payload_Delivery | Mar 15, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 15, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-14T14:02:44.275000", "created": "2026-03-14T14:02:44.275000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1171, "domain": 366, "URL": 300, "FileHash-MD5": 115, "FileHash-SHA256": 33, "FileHash-SHA1": 14 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "77 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b41a97bb607b6513f81335", "name": "Payload_Delivery | Mar 14, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 14, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-13T14:09:27.029000", "created": "2026-03-13T14:09:27.029000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 268, "hostname": 1133, "domain": 333, "FileHash-SHA256": 64, "FileHash-MD5": 151, "FileHash-SHA1": 50 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "78 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b2d0ea8d97c8719be9ca20", "name": "Payload_Delivery | Mar 13, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 13, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-12T14:42:50.661000", "created": "2026-03-12T14:42:50.661000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 1140, "URL": 217, "FileHash-MD5": 172, "FileHash-SHA256": 85, "FileHash-SHA1": 74 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "79 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "seahorsemethod.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "seahorsemethod.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780210861.7536147 }