{ "type": "Domain", "indicator": "wwindows.data", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/wwindows.data", "alexa": "http://www.alexa.com/siteinfo/wwindows.data", "indicator": "wwindows.data", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3974169886, "indicator": "wwindows.data", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "68897aac34d205d5cfc55c74", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-07-30\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-07-30T01:51:40.989000", "created": "2025-07-30T01:51:40.989000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "306 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6851f4070f95e4f44c09efcf", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-17T23:02:30.349000", "created": "2025-06-17T23:02:30.349000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 56, "modified_text": "348 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683df46be3b5f1ff932aa84a", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-02\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-02T18:58:51.287000", "created": "2025-06-02T18:58:51.287000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "363 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681d16a9fdb8ff7bfe8db459", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-05-08\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-05-08T20:40:09.409000", "created": "2025-05-08T20:40:09.409000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "388 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680190c45c13710c439a3db0", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-17T23:37:40.060000", "created": "2025-04-17T23:37:40.060000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "409 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ff13e09a7b60d18a996220", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-16\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Techniques\n* T1497\n* T1114.002\n* T1114\n* T1001\n* T1094\n* ... y 204 m\u00e1s\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-16T02:20:16.466000", "created": "2025-04-16T02:20:16.466000", "tags": [ "threat_actor", "unknown", "T1497", "T1114.002", "T1114", "T1001", "T1094", "T1566.001", "T1068", "T1087.003", "T1111", "T1059.003", "T1053.002", "T1053.006", "TA0037", "T1014", "T1598.003", "T1602.002", "T1444", "T1081", "TA0004", "T1598.001", "T1598", "T1053.001", "T1574", "T1017", "T1602", "TA0002", "T1202", "T1194", "TA0005", "TA0011", "T1059.006", "T1031", "T1059", "T1055.004", "T1192", "T1574.006", "T1566.002", "T1156", "T1055.008", "T1056.003", "T1560", "T1053.007", "T1583.002", "T1055.001", "T1082", "T1027", "T1608.005", "T1071.001", "T1566", "T1038", "T1589", "T1041", "T1534", "T1105", "TA0009", "T1204.001", "T1155", "T1049", "T1001.003", "T1445", "T1056.001", "T1071.004", "T1608.001", "T1055.002", "T1210", "T1056", "T1450", "TA0006", "T1193", "T1055", "TA0043", "T1493", "TA0003", "TA0007", "T1491", "T1036", "T1036.004", "T1503", "T1114.001", "T1449", "T1566.003", "T1053", "T1110.002", "T1053.003", "T1459", "T1001.001", "T1598.002", "T1140", "T1059.007", "T1496", "TA0001", "T1088", "T1113", "T1071.003", "T1012", "T1046", "T1114.003", "T1129", "T1125", "T1071", "T1583.005_102", "106_T1056", "T1036.002", "T1112", "T1018", "T1021.002", "T1036.005", "T1547", "T1057", "T1008", "T1518", "T1170", "T1021", "T1011", "T1060", "T1539", "T1418", "T1614.001", "T1087.002", "T1021.001", "T1040", "T1020", "T1213", "T1069", "T1587", "T1533", "T1003.003", "T1003.004", "T1560.001", "T1548.002", "T1087", "T1069.002", "T1095", "T1426", "T1102", "T1201", "T1222", "T1070", "T1074", "T1033", "T1130", "T1569", "T1078.002", "T1552", "T1106", "T1190", "T1007", "T1495", "T1133", "T1090", "T1547.001", "T1588.002", "T1016", "T1422", "T1137", "T1588", "T1119", "T1437", "T1124", "T1569.002", "T1134", "T1005", "T1005.001", "T1003.002", "T1903", "T1059.001", "T1853", "T1115", "T1543.003", "T1430", "T1087.001", "T1587.001", "T1562.001", "T1543", "T1489", "T1078", "T1614", "T1509", "T1078.004", "T1083", "T1592.004", "T1558.001", "T1558", "T1530", "T1213.002", "T1047", "T1085", "T1003", "T1003.001", "T1120", "T1217", "T1074.001", "T1010", "T1218", "T1048", "T1553", "T1490", "T1497.003", "T1055.003", "T1571", "T11955", "T1204.002", "T1199", "T1204.", "T1595.002", "T1102.002", "T1583.003", "T1027.009", "T1027.013", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "411 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "677337a16d3d2b051137f251", "name": "Mirage", "description": "Mirage es un grupo de ciberespionaje vinculado al Ej\u00e9rcito Popular de Liberaci\u00f3n de China, centrado en la recopilaci\u00f3n de inteligencia en sectores como aeroespacial y defensa. Utilizan malware personalizado, spear-phishing y ataques a sitios web para infiltrar organizaciones.", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:15:29.657000", "tags": [], "references": [], "public": 1, "adversary": "Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 399, "FileHash-SHA1": 367, "FileHash-SHA256": 379, "CVE": 6, "domain": 41, "hostname": 48 }, "indicator_count": 1240, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733b72d522398f5ea0a12d", "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar", "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:31:46.858000", "tags": [ "cve201711882", "cve20201472" ], "references": [], "public": 1, "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2631, "FileHash-SHA1": 2168, "FileHash-SHA256": 3401, "CVE": 25, "domain": 977, "hostname": 1226 }, "indicator_count": 10428, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66e7b012fa10fcca2774bf64", "name": "China-based cyber espionage campaign in SE Asia is expanding, says Sophos", "description": "According to cybersecurity company Sophos, a suspected China-based cyber espionage campaign called \"Operation Crimson Palace\"\nis expanding its operations to additional countries. The campaign began in 2023 and is made up of three attack groups whose activity\nis managed by China's Ministry of State Security. The group's activity ceased in August 2023, but has recently resumed using a\npreviously undocumented keylogger. The group uses open-source tools like Cobalt Strike (for command and control [C2 or C&C]),\nSharpHound (for reconnaissance), Impacket (for lateral movement), Donut (a shellcode loader), Cloudflare tunnel (also for C2 work),", "modified": "2024-10-16T04:01:12.862000", "created": "2024-09-16T04:12:02.372000", "tags": [ "clusters", "APT15", "UNC5330", "UNC2063", "ChamelGang", "Unfading Seahaze", "Red Delta", "Cluster Charlie", "APT32." ], "references": [ "https://news.sophos.com/en-us/2024/09/09/crimson-palace-new-tools-tactics-targets/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 8, "FileHash-SHA256": 8, "URL": 1, "domain": 6, "hostname": 3 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 188, "modified_text": "593 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://news.sophos.com/en-us/2024/09/09/crimson-palace-new-tools-tactics-targets/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Mirage", "El Machete, TAG-100, Mirage, Unamed_Grooup" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "68897aac34d205d5cfc55c74", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-07-30\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-07-30T01:51:40.989000", "created": "2025-07-30T01:51:40.989000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "306 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6851f4070f95e4f44c09efcf", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-17T23:02:30.349000", "created": "2025-06-17T23:02:30.349000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 56, "modified_text": "348 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683df46be3b5f1ff932aa84a", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-02\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-02T18:58:51.287000", "created": "2025-06-02T18:58:51.287000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "363 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681d16a9fdb8ff7bfe8db459", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-05-08\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-05-08T20:40:09.409000", "created": "2025-05-08T20:40:09.409000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "388 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680190c45c13710c439a3db0", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-17T23:37:40.060000", "created": "2025-04-17T23:37:40.060000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "409 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ff13e09a7b60d18a996220", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-16\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Techniques\n* T1497\n* T1114.002\n* T1114\n* T1001\n* T1094\n* ... y 204 m\u00e1s\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-16T02:20:16.466000", "created": "2025-04-16T02:20:16.466000", "tags": [ "threat_actor", "unknown", "T1497", "T1114.002", "T1114", "T1001", "T1094", "T1566.001", "T1068", "T1087.003", "T1111", "T1059.003", "T1053.002", "T1053.006", "TA0037", "T1014", "T1598.003", "T1602.002", "T1444", "T1081", "TA0004", "T1598.001", "T1598", "T1053.001", "T1574", "T1017", "T1602", "TA0002", "T1202", "T1194", "TA0005", "TA0011", "T1059.006", "T1031", "T1059", "T1055.004", "T1192", "T1574.006", "T1566.002", "T1156", "T1055.008", "T1056.003", "T1560", "T1053.007", "T1583.002", "T1055.001", "T1082", "T1027", "T1608.005", "T1071.001", "T1566", "T1038", "T1589", "T1041", "T1534", "T1105", "TA0009", "T1204.001", "T1155", "T1049", "T1001.003", "T1445", "T1056.001", "T1071.004", "T1608.001", "T1055.002", "T1210", "T1056", "T1450", "TA0006", "T1193", "T1055", "TA0043", "T1493", "TA0003", "TA0007", "T1491", "T1036", "T1036.004", "T1503", "T1114.001", "T1449", "T1566.003", "T1053", "T1110.002", "T1053.003", "T1459", "T1001.001", "T1598.002", "T1140", "T1059.007", "T1496", "TA0001", "T1088", "T1113", "T1071.003", "T1012", "T1046", "T1114.003", "T1129", "T1125", "T1071", "T1583.005_102", "106_T1056", "T1036.002", "T1112", "T1018", "T1021.002", "T1036.005", "T1547", "T1057", "T1008", "T1518", "T1170", "T1021", "T1011", "T1060", "T1539", "T1418", "T1614.001", "T1087.002", "T1021.001", "T1040", "T1020", "T1213", "T1069", "T1587", "T1533", "T1003.003", "T1003.004", "T1560.001", "T1548.002", "T1087", "T1069.002", "T1095", "T1426", "T1102", "T1201", "T1222", "T1070", "T1074", "T1033", "T1130", "T1569", "T1078.002", "T1552", "T1106", "T1190", "T1007", "T1495", "T1133", "T1090", "T1547.001", "T1588.002", "T1016", "T1422", "T1137", "T1588", "T1119", "T1437", "T1124", "T1569.002", "T1134", "T1005", "T1005.001", "T1003.002", "T1903", "T1059.001", "T1853", "T1115", "T1543.003", "T1430", "T1087.001", "T1587.001", "T1562.001", "T1543", "T1489", "T1078", "T1614", "T1509", "T1078.004", "T1083", "T1592.004", "T1558.001", "T1558", "T1530", "T1213.002", "T1047", "T1085", "T1003", "T1003.001", "T1120", "T1217", "T1074.001", "T1010", "T1218", "T1048", "T1553", "T1490", "T1497.003", "T1055.003", "T1571", "T11955", "T1204.002", "T1199", "T1204.", "T1595.002", "T1102.002", "T1583.003", "T1027.009", "T1027.013", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "411 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "677337a16d3d2b051137f251", "name": "Mirage", "description": "Mirage es un grupo de ciberespionaje vinculado al Ej\u00e9rcito Popular de Liberaci\u00f3n de China, centrado en la recopilaci\u00f3n de inteligencia en sectores como aeroespacial y defensa. Utilizan malware personalizado, spear-phishing y ataques a sitios web para infiltrar organizaciones.", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:15:29.657000", "tags": [], "references": [], "public": 1, "adversary": "Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 399, "FileHash-SHA1": 367, "FileHash-SHA256": 379, "CVE": 6, "domain": 41, "hostname": 48 }, "indicator_count": 1240, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733b72d522398f5ea0a12d", "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar", "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:31:46.858000", "tags": [ "cve201711882", "cve20201472" ], "references": [], "public": 1, "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2631, "FileHash-SHA1": 2168, "FileHash-SHA256": 3401, "CVE": 25, "domain": 977, "hostname": 1226 }, "indicator_count": 10428, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66e7b012fa10fcca2774bf64", "name": "China-based cyber espionage campaign in SE Asia is expanding, says Sophos", "description": "According to cybersecurity company Sophos, a suspected China-based cyber espionage campaign called \"Operation Crimson Palace\"\nis expanding its operations to additional countries. The campaign began in 2023 and is made up of three attack groups whose activity\nis managed by China's Ministry of State Security. The group's activity ceased in August 2023, but has recently resumed using a\npreviously undocumented keylogger. The group uses open-source tools like Cobalt Strike (for command and control [C2 or C&C]),\nSharpHound (for reconnaissance), Impacket (for lateral movement), Donut (a shellcode loader), Cloudflare tunnel (also for C2 work),", "modified": "2024-10-16T04:01:12.862000", "created": "2024-09-16T04:12:02.372000", "tags": [ "clusters", "APT15", "UNC5330", "UNC2063", "ChamelGang", "Unfading Seahaze", "Red Delta", "Cluster Charlie", "APT32." ], "references": [ "https://news.sophos.com/en-us/2024/09/09/crimson-palace-new-tools-tactics-targets/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 8, "FileHash-SHA256": 8, "URL": 1, "domain": 6, "hostname": 3 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 188, "modified_text": "593 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "wwindows.data", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "wwindows.data", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780326246.1706443 }