{ "type": "Domain", "indicator": "zipcodeterm.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/zipcodeterm.com", "alexa": "http://www.alexa.com/siteinfo/zipcodeterm.com", "indicator": "zipcodeterm.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 433402345, "indicator": "zipcodeterm.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "5aa3a21ceb6bea498d672e1d", "name": "APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS", "description": "In May 2017, NCC Groups Incident Response team reacted to an ongoing incident where our client, which provides a range of services to UK Government, suffered a network compromise involving the advanced persistent threat group APT15.\n\nAPT15 is also known as, Ke3chang, Mirage, Vixen Panda GREF and Playful Dragon.\nA number of sensitive documents were stolen by the attackers during the incident and we believe APT15 was targeting information related to UK government departments and military technology.", "modified": "2018-03-10T09:20:44.193000", "created": "2018-03-10T09:15:08.327000", "tags": [ "APT15", "Ke3chang", "Mirage", "Vixen Panda", "GREF", "Playful Dragon", "RoyalCli", "RoyalDNS", "BS2005", "nccgroup" ], "references": [ "https://raw.githubusercontent.com/nccgroup/Royal_APT/master/signatures/apt15.yara", "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/" ], "public": 1, "adversary": "APT15", "targeted_countries": [ "United Kingdom" ], "malware_families": [], "attack_ids": [], "industries": [ "government", "defence" ], "TLP": "white", "cloned_from": null, "export_count": 70, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 4, "FileHash-SHA256": 6, "hostname": 6, "YARA": 6, "FileHash-MD5": 2 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 386693, "modified_text": "3004 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68897aac34d205d5cfc55c74", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-07-30\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-07-30T01:51:40.989000", "created": "2025-07-30T01:51:40.989000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "306 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6851f4070f95e4f44c09efcf", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-17T23:02:30.349000", "created": "2025-06-17T23:02:30.349000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 56, "modified_text": "348 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683df46be3b5f1ff932aa84a", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-02\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-02T18:58:51.287000", "created": "2025-06-02T18:58:51.287000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "363 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681d16a9fdb8ff7bfe8db459", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-05-08\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-05-08T20:40:09.409000", "created": "2025-05-08T20:40:09.409000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "388 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680190c45c13710c439a3db0", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-17T23:37:40.060000", "created": "2025-04-17T23:37:40.060000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "409 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ff13e09a7b60d18a996220", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-16\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Techniques\n* T1497\n* T1114.002\n* T1114\n* T1001\n* T1094\n* ... y 204 m\u00e1s\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-16T02:20:16.466000", "created": "2025-04-16T02:20:16.466000", "tags": [ "threat_actor", "unknown", "T1497", "T1114.002", "T1114", "T1001", "T1094", "T1566.001", "T1068", "T1087.003", "T1111", "T1059.003", "T1053.002", "T1053.006", "TA0037", "T1014", "T1598.003", "T1602.002", "T1444", "T1081", "TA0004", "T1598.001", "T1598", "T1053.001", "T1574", "T1017", "T1602", "TA0002", "T1202", "T1194", "TA0005", "TA0011", "T1059.006", "T1031", "T1059", "T1055.004", "T1192", "T1574.006", "T1566.002", "T1156", "T1055.008", "T1056.003", "T1560", "T1053.007", "T1583.002", "T1055.001", "T1082", "T1027", "T1608.005", "T1071.001", "T1566", "T1038", "T1589", "T1041", "T1534", "T1105", "TA0009", "T1204.001", "T1155", "T1049", "T1001.003", "T1445", "T1056.001", "T1071.004", "T1608.001", "T1055.002", "T1210", "T1056", "T1450", "TA0006", "T1193", "T1055", "TA0043", "T1493", "TA0003", "TA0007", "T1491", "T1036", "T1036.004", "T1503", "T1114.001", "T1449", "T1566.003", "T1053", "T1110.002", "T1053.003", "T1459", "T1001.001", "T1598.002", "T1140", "T1059.007", "T1496", "TA0001", "T1088", "T1113", "T1071.003", "T1012", "T1046", "T1114.003", "T1129", "T1125", "T1071", "T1583.005_102", "106_T1056", "T1036.002", "T1112", "T1018", "T1021.002", "T1036.005", "T1547", "T1057", "T1008", "T1518", "T1170", "T1021", "T1011", "T1060", "T1539", "T1418", "T1614.001", "T1087.002", "T1021.001", "T1040", "T1020", "T1213", "T1069", "T1587", "T1533", "T1003.003", "T1003.004", "T1560.001", "T1548.002", "T1087", "T1069.002", "T1095", "T1426", "T1102", "T1201", "T1222", "T1070", "T1074", "T1033", "T1130", "T1569", "T1078.002", "T1552", "T1106", "T1190", "T1007", "T1495", "T1133", "T1090", "T1547.001", "T1588.002", "T1016", "T1422", "T1137", "T1588", "T1119", "T1437", "T1124", "T1569.002", "T1134", "T1005", "T1005.001", "T1003.002", "T1903", "T1059.001", "T1853", "T1115", "T1543.003", "T1430", "T1087.001", "T1587.001", "T1562.001", "T1543", "T1489", "T1078", "T1614", "T1509", "T1078.004", "T1083", "T1592.004", "T1558.001", "T1558", "T1530", "T1213.002", "T1047", "T1085", "T1003", "T1003.001", "T1120", "T1217", "T1074.001", "T1010", "T1218", "T1048", "T1553", "T1490", "T1497.003", "T1055.003", "T1571", "T11955", "T1204.002", "T1199", "T1204.", "T1595.002", "T1102.002", "T1583.003", "T1027.009", "T1027.013", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "411 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "677337a16d3d2b051137f251", "name": "Mirage", "description": "Mirage es un grupo de ciberespionaje vinculado al Ej\u00e9rcito Popular de Liberaci\u00f3n de China, centrado en la recopilaci\u00f3n de inteligencia en sectores como aeroespacial y defensa. Utilizan malware personalizado, spear-phishing y ataques a sitios web para infiltrar organizaciones.", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:15:29.657000", "tags": [], "references": [], "public": 1, "adversary": "Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 399, "FileHash-SHA1": 367, "FileHash-SHA256": 379, "CVE": 6, "domain": 41, "hostname": 48 }, "indicator_count": 1240, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733b72d522398f5ea0a12d", "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar", "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:31:46.858000", "tags": [ "cve201711882", "cve20201472" ], "references": [], "public": 1, "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2631, "FileHash-SHA1": 2168, "FileHash-SHA256": 3401, "CVE": 25, "domain": 977, "hostname": 1226 }, "indicator_count": 10428, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/", "https://raw.githubusercontent.com/nccgroup/Royal_APT/master/signatures/apt15.yara" ], "related": { "alienvault": { "adversary": [ "APT15" ], "malware_families": [], "industries": [ "Defence", "Government" ] }, "other": { "adversary": [ "El Machete, TAG-100, Mirage, Unamed_Grooup", "Mirage" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "5aa3a21ceb6bea498d672e1d", "name": "APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS", "description": "In May 2017, NCC Groups Incident Response team reacted to an ongoing incident where our client, which provides a range of services to UK Government, suffered a network compromise involving the advanced persistent threat group APT15.\n\nAPT15 is also known as, Ke3chang, Mirage, Vixen Panda GREF and Playful Dragon.\nA number of sensitive documents were stolen by the attackers during the incident and we believe APT15 was targeting information related to UK government departments and military technology.", "modified": "2018-03-10T09:20:44.193000", "created": "2018-03-10T09:15:08.327000", "tags": [ "APT15", "Ke3chang", "Mirage", "Vixen Panda", "GREF", "Playful Dragon", "RoyalCli", "RoyalDNS", "BS2005", "nccgroup" ], "references": [ "https://raw.githubusercontent.com/nccgroup/Royal_APT/master/signatures/apt15.yara", "https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/" ], "public": 1, "adversary": "APT15", "targeted_countries": [ "United Kingdom" ], "malware_families": [], "attack_ids": [], "industries": [ "government", "defence" ], "TLP": "white", "cloned_from": null, "export_count": 70, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 4, "FileHash-SHA256": 6, "hostname": 6, "YARA": 6, "FileHash-MD5": 2 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 386693, "modified_text": "3004 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68897aac34d205d5cfc55c74", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-07-30\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-07-30T01:51:40.989000", "created": "2025-07-30T01:51:40.989000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "306 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6851f4070f95e4f44c09efcf", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-17T23:02:30.349000", "created": "2025-06-17T23:02:30.349000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 56, "modified_text": "348 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683df46be3b5f1ff932aa84a", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-06-02\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-06-02T18:58:51.287000", "created": "2025-06-02T18:58:51.287000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "363 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681d16a9fdb8ff7bfe8db459", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-05-08\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-05-08T20:40:09.409000", "created": "2025-05-08T20:40:09.409000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "388 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "680190c45c13710c439a3db0", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-17\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-17T23:37:40.060000", "created": "2025-04-17T23:37:40.060000", "tags": [ "threat_actor", "unknown", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "409 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67ff13e09a7b60d18a996220", "name": "Threat Actor Profile: Mirage", "description": "# Mirage - Threat Actor Profile\n\n**Report Date**: 2025-04-16\n\n**Actor Type**: unknown\n\n## Description\nMirage is a sophisticated cyber espionage group believed to be linked to Chinas Peoples Liberation Army PLA. The groups primary focus is on intelligence gathering, targeting sectors like aerospace and defense. They employ a variety of tactics and tools, including custom malware.\n\n## Techniques\n* T1497\n* T1114.002\n* T1114\n* T1001\n* T1094\n* ... y 204 m\u00e1s\n\n## Targeted Sectors\n* Administraci\u00f3n p\u00fablica\n* Transporte a\u00e9reo\n* Manufactura\n* Investigaci\u00f3n y tecnolog\u00eda espacial\n* Servicios p\u00fablicos\n* ... y 10 m\u00e1s\n\n## Targeted Countries\n* Rep\u00fablica Dominicana\n* India 2\n* Ghana\n* Siria\n* Venezuela\n* ... y 61 m\u00e1s", "modified": "2025-04-16T02:20:16.466000", "created": "2025-04-16T02:20:16.466000", "tags": [ "threat_actor", "unknown", "T1497", "T1114.002", "T1114", "T1001", "T1094", "T1566.001", "T1068", "T1087.003", "T1111", "T1059.003", "T1053.002", "T1053.006", "TA0037", "T1014", "T1598.003", "T1602.002", "T1444", "T1081", "TA0004", "T1598.001", "T1598", "T1053.001", "T1574", "T1017", "T1602", "TA0002", "T1202", "T1194", "TA0005", "TA0011", "T1059.006", "T1031", "T1059", "T1055.004", "T1192", "T1574.006", "T1566.002", "T1156", "T1055.008", "T1056.003", "T1560", "T1053.007", "T1583.002", "T1055.001", "T1082", "T1027", "T1608.005", "T1071.001", "T1566", "T1038", "T1589", "T1041", "T1534", "T1105", "TA0009", "T1204.001", "T1155", "T1049", "T1001.003", "T1445", "T1056.001", "T1071.004", "T1608.001", "T1055.002", "T1210", "T1056", "T1450", "TA0006", "T1193", "T1055", "TA0043", "T1493", "TA0003", "TA0007", "T1491", "T1036", "T1036.004", "T1503", "T1114.001", "T1449", "T1566.003", "T1053", "T1110.002", "T1053.003", "T1459", "T1001.001", "T1598.002", "T1140", "T1059.007", "T1496", "TA0001", "T1088", "T1113", "T1071.003", "T1012", "T1046", "T1114.003", "T1129", "T1125", "T1071", "T1583.005_102", "106_T1056", "T1036.002", "T1112", "T1018", "T1021.002", "T1036.005", "T1547", "T1057", "T1008", "T1518", "T1170", "T1021", "T1011", "T1060", "T1539", "T1418", "T1614.001", "T1087.002", "T1021.001", "T1040", "T1020", "T1213", "T1069", "T1587", "T1533", "T1003.003", "T1003.004", "T1560.001", "T1548.002", "T1087", "T1069.002", "T1095", "T1426", "T1102", "T1201", "T1222", "T1070", "T1074", "T1033", "T1130", "T1569", "T1078.002", "T1552", "T1106", "T1190", "T1007", "T1495", "T1133", "T1090", "T1547.001", "T1588.002", "T1016", "T1422", "T1137", "T1588", "T1119", "T1437", "T1124", "T1569.002", "T1134", "T1005", "T1005.001", "T1003.002", "T1903", "T1059.001", "T1853", "T1115", "T1543.003", "T1430", "T1087.001", "T1587.001", "T1562.001", "T1543", "T1489", "T1078", "T1614", "T1509", "T1078.004", "T1083", "T1592.004", "T1558.001", "T1558", "T1530", "T1213.002", "T1047", "T1085", "T1003", "T1003.001", "T1120", "T1217", "T1074.001", "T1010", "T1218", "T1048", "T1553", "T1490", "T1497.003", "T1055.003", "T1571", "T11955", "T1204.002", "T1199", "T1204.", "T1595.002", "T1102.002", "T1583.003", "T1027.009", "T1027.013", "target:Dominican Republic", "target:India 2", "target:Ghana", "target:Siria", "target:Venezuela", "target:India", "target:Switzerland", "target:El Salvador", "target:Italy", "target:Mali", "target:Colombia", "target:Pakistan", "target:Panama", "target:Barbados", "target:Bulgaria", "target:But\u00e1n", "target:Albania", "target:South Africa", "target:Uzbekist\u00e1n", "target:Chequia", "target:Ecuador", "target:Eslovaquia", "target:Guatemala", "target:Belgium", "target:Montenegro", "target:Malaysia", "target:Poland", "target:Egypt", "target:EE.UU.", "target:Trinidad y Tobago", "target:Afganist\u00e1n", "target:Georgia", "target:Nigeria", "target:Saudi Arabia", "target:Brazil", "target:France", "target:Indonesia", "target:Chile", "target:Jamaica", "target:Hungary", "target:Portugal", "target:United Kingdom", "target:Peru", "target:Iran", "target:Turqu\u00eda", "target:Kazajist\u00e1n", "target:Bosnia y Herzegovina", "target:China", "target:Sri Lanka", "target:Croacia", "target:Germany", "target:Libia", "target:Mexico", "target:United Arab Emirates", "target:Argentina", "target:Global", "target:Netherlands", "target:Japan", "target:Bolivia", "target:Yibuti", "target:Vietnam", "target:Fiyi", "target:Cuba", "target:Camboya", "target:Taiw\u00e1n", "target:United States" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 6, "hostname": 48, "domain": 41 }, "indicator_count": 95, "is_author": false, "is_subscribing": null, "subscriber_count": 55, "modified_text": "411 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "677337a16d3d2b051137f251", "name": "Mirage", "description": "Mirage es un grupo de ciberespionaje vinculado al Ej\u00e9rcito Popular de Liberaci\u00f3n de China, centrado en la recopilaci\u00f3n de inteligencia en sectores como aeroespacial y defensa. Utilizan malware personalizado, spear-phishing y ataques a sitios web para infiltrar organizaciones.", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:15:29.657000", "tags": [], "references": [], "public": 1, "adversary": "Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 399, "FileHash-SHA1": 367, "FileHash-SHA256": 379, "CVE": 6, "domain": 41, "hostname": 48 }, "indicator_count": 1240, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67733b72d522398f5ea0a12d", "name": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar", "description": "Indicadores de Compromiso Estudiio de Inteligencia de Amenaza para Maestr\u00eda UASD Sobre Actores identificados en SOC Radar con Intereses en la Administraci\u00f3n P\u00fablica de la Rep\u00fablica Dominicana, Diciembre 2024", "modified": "2025-01-30T00:00:18.927000", "created": "2024-12-31T00:31:46.858000", "tags": [ "cve201711882", "cve20201472" ], "references": [], "public": 1, "adversary": "El Machete, TAG-100, Mirage, Unamed_Grooup", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fraevolquez", "id": "91700", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2631, "FileHash-SHA1": 2168, "FileHash-SHA256": 3401, "CVE": 25, "domain": 977, "hostname": 1226 }, "indicator_count": 10428, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "zipcodeterm.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "zipcodeterm.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780289541.6288085 }